General
-
Target
22a7b5fc61cf54485bd374a221386b1c2675f7eb4b1428677ff86b3add14238e
-
Size
1.7MB
-
Sample
241212-pvmhnstrct
-
MD5
9083cdf00ff3295432676d6ee4c6c9f4
-
SHA1
2f83025aaf303478fb07cf9fd9630ca3874e6163
-
SHA256
22a7b5fc61cf54485bd374a221386b1c2675f7eb4b1428677ff86b3add14238e
-
SHA512
b1a3bd15d30dc60e6aa3bd027e39be463a7f026815f66b84a44bc93cb1b89e42211b5352b5cc44e2e46c7fa9f43f6d888c9678fa6cbe7679e2d8f1be35d8d942
-
SSDEEP
49152:i5imbU8QytcdlG8cj2//kmwquf+uxXW+28mO:UQuGWjoM3r6
Malware Config
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
22a7b5fc61cf54485bd374a221386b1c2675f7eb4b1428677ff86b3add14238e
-
Size
1.7MB
-
MD5
9083cdf00ff3295432676d6ee4c6c9f4
-
SHA1
2f83025aaf303478fb07cf9fd9630ca3874e6163
-
SHA256
22a7b5fc61cf54485bd374a221386b1c2675f7eb4b1428677ff86b3add14238e
-
SHA512
b1a3bd15d30dc60e6aa3bd027e39be463a7f026815f66b84a44bc93cb1b89e42211b5352b5cc44e2e46c7fa9f43f6d888c9678fa6cbe7679e2d8f1be35d8d942
-
SSDEEP
49152:i5imbU8QytcdlG8cj2//kmwquf+uxXW+28mO:UQuGWjoM3r6
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-