General
-
Target
7748b1bcb3e80de9058f023a7a490b9bdf9bbdab59b17c3351a84feb21c6056d.exe
-
Size
1.7MB
-
Sample
241211-dcty9aspgw
-
MD5
319888df2e3f79f5dd0a3cdbfccddc03
-
SHA1
0196ee658ff0320a5caca2d3d99d8365aebd2ab5
-
SHA256
7748b1bcb3e80de9058f023a7a490b9bdf9bbdab59b17c3351a84feb21c6056d
-
SHA512
37a8116026113102bee0e0dcee9833774fff2372f4ab5dbab210aafc2daed8e961fdaa1458a8c0dec8a5c0561cfeecebd7cc31755f522b2735c8e4389fe0d1ae
-
SSDEEP
24576:t3zWzM1zlwIyi4Bz61K4b0XVPjoIkv8iYq93dK0vhPIuwX7EtLpPUaoG5aROs:t3SMdCIyjz67Kxl3iThvhPIu1lD/S
Malware Config
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
7748b1bcb3e80de9058f023a7a490b9bdf9bbdab59b17c3351a84feb21c6056d.exe
-
Size
1.7MB
-
MD5
319888df2e3f79f5dd0a3cdbfccddc03
-
SHA1
0196ee658ff0320a5caca2d3d99d8365aebd2ab5
-
SHA256
7748b1bcb3e80de9058f023a7a490b9bdf9bbdab59b17c3351a84feb21c6056d
-
SHA512
37a8116026113102bee0e0dcee9833774fff2372f4ab5dbab210aafc2daed8e961fdaa1458a8c0dec8a5c0561cfeecebd7cc31755f522b2735c8e4389fe0d1ae
-
SSDEEP
24576:t3zWzM1zlwIyi4Bz61K4b0XVPjoIkv8iYq93dK0vhPIuwX7EtLpPUaoG5aROs:t3SMdCIyjz67Kxl3iThvhPIu1lD/S
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-