General
-
Target
fa8380534c7876773e1315360225f92d30fc4ff6c4cdf70bebaf16e5f450d6f5.exe
-
Size
1.7MB
-
Sample
241123-dr4r1atjbm
-
MD5
c80d723528ed0121eef557cc31bd4c87
-
SHA1
150ec423edbfb73989a525fc3b553d06f411ece7
-
SHA256
fa8380534c7876773e1315360225f92d30fc4ff6c4cdf70bebaf16e5f450d6f5
-
SHA512
3ae11b656d242e891881b5833781a1431d0dde16de66a21b775613a7d02e098a68ad41301fa85f5cf3bd0bb7561c1ab784fd0d3c4940a45d66aa67f10b475da8
-
SSDEEP
49152:FeFnYVk0QSUFysYk0uyMIDv9fPFNC0c2c316Ph3qR:FAYVk0QSUFysb2MIRC0dh3qR
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
fa8380534c7876773e1315360225f92d30fc4ff6c4cdf70bebaf16e5f450d6f5.exe
-
Size
1.7MB
-
MD5
c80d723528ed0121eef557cc31bd4c87
-
SHA1
150ec423edbfb73989a525fc3b553d06f411ece7
-
SHA256
fa8380534c7876773e1315360225f92d30fc4ff6c4cdf70bebaf16e5f450d6f5
-
SHA512
3ae11b656d242e891881b5833781a1431d0dde16de66a21b775613a7d02e098a68ad41301fa85f5cf3bd0bb7561c1ab784fd0d3c4940a45d66aa67f10b475da8
-
SSDEEP
49152:FeFnYVk0QSUFysYk0uyMIDv9fPFNC0c2c316Ph3qR:FAYVk0QSUFysb2MIRC0dh3qR
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-