stealc | fee071d41f0357fcd54df7592d7d872f6627daaa111fc44ae34b73681f6fccdb | Triage

Sharing

General

Target

fee071d41f0357fcd54df7592d7d872f6627daaa111fc44ae34b73681f6fccdb.exe
Size

1.7MB
Sample

241210-efzjkssrgv
MD5

25663f093ebd742e906f2ea9731d1d40
SHA1

c1704d6a226e74989aa7e488874d8c183f8c50d9
SHA256

fee071d41f0357fcd54df7592d7d872f6627daaa111fc44ae34b73681f6fccdb
SHA512

bfe45cd09c18b174144ee3691d12804b9592977e0095f4b1a29b3c63575ddc058dcd1d6531400b6f1be0462e1f7d1bc97d285d9fb9c683c93349f1b011f5382f
SSDEEP

49152:4WqEDoFAsU8jp4Prwp4V8qdfyc1ZBQnYWeBoA8tL+:43u0AsLd4PnV8qdfD1jcYW+8tL+

Score

10^/10

stealc stok discovery evasion stealer

Malware Config

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Targets

- Target
  
  fee071d41f0357fcd54df7592d7d872f6627daaa111fc44ae34b73681f6fccdb.exe
- Size
  
  1.7MB
- MD5
  
  25663f093ebd742e906f2ea9731d1d40
- SHA1
  
  c1704d6a226e74989aa7e488874d8c183f8c50d9
- SHA256
  
  fee071d41f0357fcd54df7592d7d872f6627daaa111fc44ae34b73681f6fccdb
- SHA512
  
  bfe45cd09c18b174144ee3691d12804b9592977e0095f4b1a29b3c63575ddc058dcd1d6531400b6f1be0462e1f7d1bc97d285d9fb9c683c93349f1b011f5382f
- SSDEEP
  
  49152:4WqEDoFAsU8jp4Prwp4V8qdfyc1ZBQnYWeBoA8tL+:43u0AsLd4PnV8qdfD1jcYW+8tL+
Score

10^/10

stealc stok discovery evasion stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcstokdiscoveryevasionstealer

behavioral2

stealcstokdiscoveryevasionstealer