General
-
Target
bef9044dce2ca568561e20ecc61d63ac7dbcee6dcc28bf23a484ccd75a1386c6
-
Size
1.7MB
-
Sample
250126-1cg11svkbt
-
MD5
01aabc37fa5d6938076f13121c05d8d6
-
SHA1
09faad6dacb6dc2cd2e4ff58bc6bf74644c09232
-
SHA256
bef9044dce2ca568561e20ecc61d63ac7dbcee6dcc28bf23a484ccd75a1386c6
-
SHA512
9ae84f9f69f2334510a0992f312d49e5a60becdf57037e1a1f67a16bdaffa60acc86b0d77592d832122c5b6f1cb46960ba7c6ebe2725f162455db88d33ba0417
-
SSDEEP
49152:QmID3locP+MZXKCtX69cBgou3/HVvPlG62:QmIVocVXKyHVmPlGD
Malware Config
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
bef9044dce2ca568561e20ecc61d63ac7dbcee6dcc28bf23a484ccd75a1386c6
-
Size
1.7MB
-
MD5
01aabc37fa5d6938076f13121c05d8d6
-
SHA1
09faad6dacb6dc2cd2e4ff58bc6bf74644c09232
-
SHA256
bef9044dce2ca568561e20ecc61d63ac7dbcee6dcc28bf23a484ccd75a1386c6
-
SHA512
9ae84f9f69f2334510a0992f312d49e5a60becdf57037e1a1f67a16bdaffa60acc86b0d77592d832122c5b6f1cb46960ba7c6ebe2725f162455db88d33ba0417
-
SSDEEP
49152:QmID3locP+MZXKCtX69cBgou3/HVvPlG62:QmIVocVXKyHVmPlGD
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-