General
-
Target
3ab8b9c2da3a389ae1291f15452c1f5746e0e25bd0ddcd970e6093bd9e9345e0.exe
-
Size
1.7MB
-
Sample
241124-mzzyfssmdk
-
MD5
a66862a3db5d4836780035db6f5ef76c
-
SHA1
02e270f4c70e717e3ce75a558ed28f58598f52d5
-
SHA256
3ab8b9c2da3a389ae1291f15452c1f5746e0e25bd0ddcd970e6093bd9e9345e0
-
SHA512
bc27dc22fcd7f4b871a46f0d9fd0a795e714b5b4d57313738ba9e6883b7a0ad33a14ecbf8f9ac999d109094e63b49d5568c2cbaef3679623f205210fb10be9e8
-
SSDEEP
49152:tw20saa8GDgxrrPlNLV8b8VqeZ+gb/tG52T4jhpQIDY7l:twBa8rfV3+83yhWeYp
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
3ab8b9c2da3a389ae1291f15452c1f5746e0e25bd0ddcd970e6093bd9e9345e0.exe
-
Size
1.7MB
-
MD5
a66862a3db5d4836780035db6f5ef76c
-
SHA1
02e270f4c70e717e3ce75a558ed28f58598f52d5
-
SHA256
3ab8b9c2da3a389ae1291f15452c1f5746e0e25bd0ddcd970e6093bd9e9345e0
-
SHA512
bc27dc22fcd7f4b871a46f0d9fd0a795e714b5b4d57313738ba9e6883b7a0ad33a14ecbf8f9ac999d109094e63b49d5568c2cbaef3679623f205210fb10be9e8
-
SSDEEP
49152:tw20saa8GDgxrrPlNLV8b8VqeZ+gb/tG52T4jhpQIDY7l:twBa8rfV3+83yhWeYp
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-