stealc | 8e0e04a7852a19f9eb21f1378bc6274513b2e6bfe85e365c6d87bab526458da3 | Triage

Sharing

General

Target

8e0e04a7852a19f9eb21f1378bc6274513b2e6bfe85e365c6d87bab526458da3.exe
Size

1.7MB
Sample

241211-df56pasrev
MD5

f4e2be12537b2c2f21c1dd0dfde2802f
SHA1

9dae469467f6671eab28703f1d41d4d4b42141e5
SHA256

8e0e04a7852a19f9eb21f1378bc6274513b2e6bfe85e365c6d87bab526458da3
SHA512

f725809d847d194a7728fba33e743bb04e7ca81b47f97c3dea89c84d702aa3b2bf2e225fb964e2cc11b6d7a2384d5ba6ade5fbc6f981b5d9a439219e9e9564ba
SSDEEP

49152:xlA0RYGliHK8veJHSDyqI8Mhp9zFiaGJu76A2afDz3:xl1RXlbSDyqI84p9zUi/v

Score

10^/10

stealc stok discovery evasion stealer

Malware Config

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Targets

- Target
  
  8e0e04a7852a19f9eb21f1378bc6274513b2e6bfe85e365c6d87bab526458da3.exe
- Size
  
  1.7MB
- MD5
  
  f4e2be12537b2c2f21c1dd0dfde2802f
- SHA1
  
  9dae469467f6671eab28703f1d41d4d4b42141e5
- SHA256
  
  8e0e04a7852a19f9eb21f1378bc6274513b2e6bfe85e365c6d87bab526458da3
- SHA512
  
  f725809d847d194a7728fba33e743bb04e7ca81b47f97c3dea89c84d702aa3b2bf2e225fb964e2cc11b6d7a2384d5ba6ade5fbc6f981b5d9a439219e9e9564ba
- SSDEEP
  
  49152:xlA0RYGliHK8veJHSDyqI8Mhp9zFiaGJu76A2afDz3:xl1RXlbSDyqI84p9zUi/v
Score

10^/10

stealc stok discovery evasion stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcstokdiscoveryevasionstealer

behavioral2

stealcstokdiscoveryevasionstealer