stealc | 31fa2d30829b1edde94cc00cac6af01bf9075cb7dba356301566624f586aa2c1 | Triage

Sharing

General

Target

31fa2d30829b1edde94cc00cac6af01bf9075cb7dba356301566624f586aa2c1
Size

1.7MB
Sample

241210-w9ngvatkgw
MD5

3a76ab70c01da0f818f89bfe4e904ee3
SHA1

c0ebf4afaae2542f315c72853aaaab84e1a59874
SHA256

31fa2d30829b1edde94cc00cac6af01bf9075cb7dba356301566624f586aa2c1
SHA512

06ad07e86e5a896768792c77197f0029489f81d55c71874d94f5f718a3cf55bc3f2740e0f43479deea3fae49ce1adf5baf5b03227162fb827303af2c14c0a867
SSDEEP

24576:3/W9aHhoKroal0+5Z+WRmxF+KsRp8JPsFJnqvNqChsjTrQQ5NOVRCiS/us1z1FzT:3ugHhoMzN5cWvqVsSvACyjnQQ5NOPq

Score

10^/10

stealc stok discovery evasion stealer

Malware Config

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Targets

- Target
  
  31fa2d30829b1edde94cc00cac6af01bf9075cb7dba356301566624f586aa2c1
- Size
  
  1.7MB
- MD5
  
  3a76ab70c01da0f818f89bfe4e904ee3
- SHA1
  
  c0ebf4afaae2542f315c72853aaaab84e1a59874
- SHA256
  
  31fa2d30829b1edde94cc00cac6af01bf9075cb7dba356301566624f586aa2c1
- SHA512
  
  06ad07e86e5a896768792c77197f0029489f81d55c71874d94f5f718a3cf55bc3f2740e0f43479deea3fae49ce1adf5baf5b03227162fb827303af2c14c0a867
- SSDEEP
  
  24576:3/W9aHhoKroal0+5Z+WRmxF+KsRp8JPsFJnqvNqChsjTrQQ5NOVRCiS/us1z1FzT:3ugHhoMzN5cWvqVsSvACyjnQQ5NOPq
Score

10^/10

stealc stok discovery evasion stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcstokdiscoveryevasionstealer

behavioral2

stealcstokdiscoveryevasionstealer