stealc | 4c36e0283c5d27fb2b9dcd9731165f32a0530062ea9b509bf4e9ca0decaf168e | Triage

Sharing

General

Target

245c81512eb09539e1b3de0f7ae3353c.bin
Size

1.7MB
Sample

241126-bgl34awkht
MD5

5c687e01d5f1f6ad5e424e4ecffaef8d
SHA1

baed8a2ea923aafd4de9024fde39b1e115d9b270
SHA256

4c36e0283c5d27fb2b9dcd9731165f32a0530062ea9b509bf4e9ca0decaf168e
SHA512

bb8e1e08730f3befa328b02c89f31328f2ccc12cdb393c17743114f0355c87d1641df384c9a694bd76937b2b322a2473951632f3dee15e4babddc9c3175cae6e
SSDEEP

49152:V8XaVew527gBjkSgp3FdsuS0+5I+sFOb9+UCCxHZxkUIAbSM:V8KED7OoH1dGI1fIxHZbJ

Score

10^/10

stealc mars discovery evasion stealer

Malware Config

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Targets

- Target
  
  753b0e5c394f463e9497e2f396f45c51447984bf3682222aaec0e6247c2b442c.exe
- Size
  
  1.7MB
- MD5
  
  245c81512eb09539e1b3de0f7ae3353c
- SHA1
  
  ccbabc4aff4377d8fb107bd1ff917e91f80800f2
- SHA256
  
  753b0e5c394f463e9497e2f396f45c51447984bf3682222aaec0e6247c2b442c
- SHA512
  
  30830577cfda41729965b6512087dd371a81b7b3ab88abac740a8562a93e422d8439036d074d60dce8bd13b40f682a325ad5b9af0b4e2caca1a7fb53c3b1dbea
- SSDEEP
  
  49152:vsY6r+lUBhBvJaUtJmCyJzjPLxjmGgWg:EY6r+CnB3CHNBmGgW
Score

10^/10

stealc mars discovery evasion stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcmarsdiscoveryevasionstealer

behavioral2

stealcmarsdiscoveryevasionstealer