stealc | f7df3bbf114ddb67167ed7b1bbea2ce1a575b0cba8d5b54a21a59b662dfd5139 | Triage

Sharing

General

Target

f7df3bbf114ddb67167ed7b1bbea2ce1a575b0cba8d5b54a21a59b662dfd5139.exe
Size

1.7MB
Sample

241214-rjk7ksvjf1
MD5

91c87d6521355c02422acb98aea28b43
SHA1

71f5a66b2d645b355e675ce458f302b192da214b
SHA256

f7df3bbf114ddb67167ed7b1bbea2ce1a575b0cba8d5b54a21a59b662dfd5139
SHA512

dea14418513777047d89268e316fa71a2f17f3cdd7d912688302ee332b4a15343ee4a0bf515beb308b58ea742b905b5e29f57531fcf8da1d3d83708ce8cab1a5
SSDEEP

49152:rF60ad127GTPoq6IHg7SfyaVoIndGruuLzv:rI0addTO8gUyaVrd+N

Score

10^/10

stealc stok discovery evasion stealer

Malware Config

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Targets

- Target
  
  f7df3bbf114ddb67167ed7b1bbea2ce1a575b0cba8d5b54a21a59b662dfd5139.exe
- Size
  
  1.7MB
- MD5
  
  91c87d6521355c02422acb98aea28b43
- SHA1
  
  71f5a66b2d645b355e675ce458f302b192da214b
- SHA256
  
  f7df3bbf114ddb67167ed7b1bbea2ce1a575b0cba8d5b54a21a59b662dfd5139
- SHA512
  
  dea14418513777047d89268e316fa71a2f17f3cdd7d912688302ee332b4a15343ee4a0bf515beb308b58ea742b905b5e29f57531fcf8da1d3d83708ce8cab1a5
- SSDEEP
  
  49152:rF60ad127GTPoq6IHg7SfyaVoIndGruuLzv:rI0addTO8gUyaVrd+N
Score

10^/10

stealc stok discovery evasion stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcstokdiscoveryevasionstealer

behavioral2

stealcstokdiscoveryevasionstealer