General
-
Target
89855de8b804ede1617efa82b37803fe5b07e96763cb190140164e44942a0ffe
-
Size
1.7MB
-
Sample
241210-zsbnhatmbj
-
MD5
d29fe9bbf311ddbd5467cf4d545ea0b6
-
SHA1
7bbbe4bf8a24eaad27948bfe9b69f42973678ea5
-
SHA256
89855de8b804ede1617efa82b37803fe5b07e96763cb190140164e44942a0ffe
-
SHA512
4f6b34c4e0cd20c2b2f2541df141df037f851b6a23091bfb8adb2366b23b548a47ae9dd62b0178c5249d81f84739d82762ffecb65644ff90b97755766ebe57b6
-
SSDEEP
49152:8GhMU+Pnkps4vigSVlG9MXPzyzKTO+XBC2:8AimcVlGcy+O+XB9
Malware Config
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
89855de8b804ede1617efa82b37803fe5b07e96763cb190140164e44942a0ffe
-
Size
1.7MB
-
MD5
d29fe9bbf311ddbd5467cf4d545ea0b6
-
SHA1
7bbbe4bf8a24eaad27948bfe9b69f42973678ea5
-
SHA256
89855de8b804ede1617efa82b37803fe5b07e96763cb190140164e44942a0ffe
-
SHA512
4f6b34c4e0cd20c2b2f2541df141df037f851b6a23091bfb8adb2366b23b548a47ae9dd62b0178c5249d81f84739d82762ffecb65644ff90b97755766ebe57b6
-
SSDEEP
49152:8GhMU+Pnkps4vigSVlG9MXPzyzKTO+XBC2:8AimcVlGcy+O+XB9
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-