General
-
Target
ecb8cfe5d51ff3eff98719dad96cf7d143fb57294d42e2a702b0b179535106a2
-
Size
2.8MB
-
Sample
241226-lq5a5sspdm
-
MD5
6bd56ec3800953b10c705363fa41c135
-
SHA1
a01aaa8823fa117ca7583ca8c4b39c545a0d63d9
-
SHA256
ecb8cfe5d51ff3eff98719dad96cf7d143fb57294d42e2a702b0b179535106a2
-
SHA512
b52f55556f001d3e1576f1fd9be57a175f7609f32a64e2c9912a5c0c0b2c4c62f4a8dea470dbb6aae64f0767136909842622c2a6d2befd8aef1126996acb1ecd
-
SSDEEP
49152:1AMqSN+38/Xk8FhxHnahf0f4SbR3Dkm59ws4/jrAkzkHwPh7:1ArSu8/Xk8Fhx6V0f4SbFz74/PPgHwPB
Malware Config
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
ecb8cfe5d51ff3eff98719dad96cf7d143fb57294d42e2a702b0b179535106a2
-
Size
2.8MB
-
MD5
6bd56ec3800953b10c705363fa41c135
-
SHA1
a01aaa8823fa117ca7583ca8c4b39c545a0d63d9
-
SHA256
ecb8cfe5d51ff3eff98719dad96cf7d143fb57294d42e2a702b0b179535106a2
-
SHA512
b52f55556f001d3e1576f1fd9be57a175f7609f32a64e2c9912a5c0c0b2c4c62f4a8dea470dbb6aae64f0767136909842622c2a6d2befd8aef1126996acb1ecd
-
SSDEEP
49152:1AMqSN+38/Xk8FhxHnahf0f4SbR3Dkm59ws4/jrAkzkHwPh7:1ArSu8/Xk8Fhx6V0f4SbFz74/PPgHwPB
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-