General
-
Target
4e1aeb2af7f03489910191a52ca62e9d.bin
-
Size
1.7MB
-
Sample
241214-blvwsssnay
-
MD5
ba559159cddfe7b06fd9d1ad20e420de
-
SHA1
6b217f0cf67853890af363e62e89cf9d91cd80c7
-
SHA256
4d957820280ccdd5646596c10e9a85e712bffdac57e5f04419f65256f9d07fef
-
SHA512
30f033cf2a480b3fb37a6b09ea6f97476c441b1823b464d47a3a9ee5fba353b60f16ef14d89e064a94c2cf3ee2c2afc41b790cae3a1962f4f446068ee6772ff0
-
SSDEEP
24576:qzbbE/MHqCmzj1gvPj4y1lU5YBQ5C2xAgRYswZI7ynD5uEsh6bhMkSXevIeSRXO4:0bbEzxj1tqB3Wlrqz/hMkww7hwskIQp
Malware Config
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
8542a31a1ac10834026660ffab1ceb88d1cf399a802f63bdca797750b7819004.exe
-
Size
1.7MB
-
MD5
4e1aeb2af7f03489910191a52ca62e9d
-
SHA1
19aa302c12320006830d98435904f87dbb6fda37
-
SHA256
8542a31a1ac10834026660ffab1ceb88d1cf399a802f63bdca797750b7819004
-
SHA512
a7b04afc4dd5943ba821c4daf9ec234a00889a5300bc7726f44df79c163b13b3db579943d1e8629cfd952c89f1e0debd0060e80daab0c1fb5bd0acd15ab34dc1
-
SSDEEP
24576:cWz3vyiqbde7wCACQE4cug6yxyFIrT5ALuZWmiZAVFoMD9fndFeGetegxST2:c6/6bSrAdE9XxyiTesWTAllGTxS
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-