stealc | 33ec7d97e387a484ca822a25143b5d01ddce8ab813200719537702f0931f9e87 | Triage

Sharing

General

Target

file.exe
Size

1.7MB
Sample

241124-bkhj3ssmfj
MD5

f5634fe84a0d50da553341dd8b70f55b
SHA1

ee0ce0583edd4b0093709fb1be3aba975e4f7780
SHA256

33ec7d97e387a484ca822a25143b5d01ddce8ab813200719537702f0931f9e87
SHA512

2211675f740494a7f34971a475281608aeccda6615ec5b709711be3b5e079fa6f64608680ff9ee483c1b2e1a8270c3510c2940a5af4a2563ef12c764ef72dc6c
SSDEEP

24576:hbieeUbLA2ft0FPIE7Mygu+OUo7d6eBuum18ioePTk8dFTPfg2hbDh0QFZB6K:BicbUkEXgX+7d6Dpp4AFTgeRB6

Score

10^/10

stealc mars discovery evasion stealer

Malware Config

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Targets

- Target
  
  file.exe
- Size
  
  1.7MB
- MD5
  
  f5634fe84a0d50da553341dd8b70f55b
- SHA1
  
  ee0ce0583edd4b0093709fb1be3aba975e4f7780
- SHA256
  
  33ec7d97e387a484ca822a25143b5d01ddce8ab813200719537702f0931f9e87
- SHA512
  
  2211675f740494a7f34971a475281608aeccda6615ec5b709711be3b5e079fa6f64608680ff9ee483c1b2e1a8270c3510c2940a5af4a2563ef12c764ef72dc6c
- SSDEEP
  
  24576:hbieeUbLA2ft0FPIE7Mygu+OUo7d6eBuum18ioePTk8dFTPfg2hbDh0QFZB6K:BicbUkEXgX+7d6Dpp4AFTgeRB6
Score

10^/10

stealc mars discovery evasion stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcmarsdiscoveryevasionstealer

behavioral2

stealcmarsdiscoveryevasionstealer