General
-
Target
e9b37653e9dc29f692778fbbb88e970afbeaad574855255ca278eda13d79e001
-
Size
1.8MB
-
Sample
241212-ppvbbstphx
-
MD5
d21609e703999b87040f7a9b6237f5e8
-
SHA1
1fe2bd28aa876fa28fa9cd33f51f00fc82b8b3d5
-
SHA256
e9b37653e9dc29f692778fbbb88e970afbeaad574855255ca278eda13d79e001
-
SHA512
07ce349bfd56a57c5e5524781d34f2df0ec0d65f88934114100f8094d3f0fa47b029dac14c55f2864207fbd7923cdbda3fda5df7bcaf9c41c9b1417ec1d08b3c
-
SSDEEP
49152:OofRfMoPyGqpLHU1r1MPuXh8AXhbB5AsYw7JQF:pWbBlHU1yPw5BDZq
Malware Config
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
e9b37653e9dc29f692778fbbb88e970afbeaad574855255ca278eda13d79e001
-
Size
1.8MB
-
MD5
d21609e703999b87040f7a9b6237f5e8
-
SHA1
1fe2bd28aa876fa28fa9cd33f51f00fc82b8b3d5
-
SHA256
e9b37653e9dc29f692778fbbb88e970afbeaad574855255ca278eda13d79e001
-
SHA512
07ce349bfd56a57c5e5524781d34f2df0ec0d65f88934114100f8094d3f0fa47b029dac14c55f2864207fbd7923cdbda3fda5df7bcaf9c41c9b1417ec1d08b3c
-
SSDEEP
49152:OofRfMoPyGqpLHU1r1MPuXh8AXhbB5AsYw7JQF:pWbBlHU1yPw5BDZq
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-