stealc | a63c8da0504eb526d7a28d684872a1aca575819f46a0ecef131d30ac2d6da4ed | Triage

Resubmissions

07-12-2024 21:44

241207-1lqdra1jfk 10

07-12-2024 11:58

241207-n456ps1pf1 10

Sharing

General

Target

file.exe
Size

5.0MB
Sample

241207-1lqdra1jfk
MD5

2704b8659485a783c81f96440f2f5ca4
SHA1

d8883d8802dd0363cc505cbae99d3c37fa83b283
SHA256

a63c8da0504eb526d7a28d684872a1aca575819f46a0ecef131d30ac2d6da4ed
SHA512

84bb63aeaf561b26b86475f4eedd99b368f697bc760afe9f16557a585cf4e747d6d8b68f0fd27af0883fd6d81386e5304d49bfee4d365820b6c2fce6218d3284
SSDEEP

49152:63T9U3oVHLbwpaN4j7fMljwRMyWrMQFn:ET9goVrbv4j7EpuTAF

Score

10^/10

stealc drum discovery evasion stealer

Malware Config

Extracted

Family

stealc

Botnet

drum

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Targets

- Target
  
  file.exe
- Size
  
  5.0MB
- MD5
  
  2704b8659485a783c81f96440f2f5ca4
- SHA1
  
  d8883d8802dd0363cc505cbae99d3c37fa83b283
- SHA256
  
  a63c8da0504eb526d7a28d684872a1aca575819f46a0ecef131d30ac2d6da4ed
- SHA512
  
  84bb63aeaf561b26b86475f4eedd99b368f697bc760afe9f16557a585cf4e747d6d8b68f0fd27af0883fd6d81386e5304d49bfee4d365820b6c2fce6218d3284
- SSDEEP
  
  49152:63T9U3oVHLbwpaN4j7fMljwRMyWrMQFn:ET9goVrbv4j7EpuTAF
Score

10^/10

stealc drum discovery evasion stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdrumdiscoveryevasionstealer