stealc | 7d10f310add62c23de4ef7ef7221f2884f10b773a26e3a371ce7c8b6f9fea653 | Triage

Sharing

General

Target

95971c759ebca3d179ab9305188360cf.bin
Size

1.7MB
Sample

241124-byny1sxlaw
MD5

b53fe5f8b91c9f3194ddb5e593f2fc9f
SHA1

1d224675c210b84438569fac70e70e4472a6264b
SHA256

7d10f310add62c23de4ef7ef7221f2884f10b773a26e3a371ce7c8b6f9fea653
SHA512

71d4c58f915f44e49300f7c9d61388d961e3a8155d450028069e6616111df25291b76232ac42f4fb5449d5bbdf111dc1d375f3a9bed5b07cd8c014187fbf4045
SSDEEP

49152:oJ9aEGwUNRTAz4b3zM3cmddkuLGHPEYmYwF:GTUCkDzmNfNYmLF

Score

10^/10

stealc mars discovery evasion stealer

Malware Config

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Targets

- Target
  
  82c9c6fb94030e3955091fc37523491c98325ed84adf8a3116c3ab79efddb4ac.exe
- Size
  
  1.7MB
- MD5
  
  95971c759ebca3d179ab9305188360cf
- SHA1
  
  8bfac4ee7175aa24dfa9e308840f4245efc0c3f9
- SHA256
  
  82c9c6fb94030e3955091fc37523491c98325ed84adf8a3116c3ab79efddb4ac
- SHA512
  
  da6669201c845626183cf6abb4f4b40c91f44bbac1115e856903317ee3febb62cf340acd77b27a1dbab0e9d6c74108b3ef0304728d6e46056cacd4a0da2c6dd6
- SSDEEP
  
  24576:zTsRmAqTki8jQGppX/frO5mAAmjzK8DtH+oBqvST/kIc0E7O7quwKkxe:cRcTQ95rO55A2zK8xeoBqEsIya6Kh
Score

10^/10

stealc mars discovery evasion stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcmarsdiscoveryevasionstealer

behavioral2

stealcmarsdiscoveryevasionstealer