General
-
Target
b419f147db64a0a4b40dcefb1f3b3d8e8615216b126575f47d1410116b777c04
-
Size
1.7MB
-
Sample
250126-2cpxaswrbs
-
MD5
15e319099fbab9989d61bf004efaba62
-
SHA1
612c52009588f8582021af35152f7fcd429909fd
-
SHA256
b419f147db64a0a4b40dcefb1f3b3d8e8615216b126575f47d1410116b777c04
-
SHA512
77ae5f87f39755b8dfb2d02ee55cd031164ce1f6baba6b06211f9301895781622ef62675da62aae78d75f34281e6e6092d695fb0c1b84f38083199f70cd7c0ad
-
SSDEEP
49152:0NQ9a9bdEaSxJv3LEJhn/a82bXwTJQDAXmkG:0sa9bdEbKJ5/a8YwTJQ4mn
Malware Config
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
b419f147db64a0a4b40dcefb1f3b3d8e8615216b126575f47d1410116b777c04
-
Size
1.7MB
-
MD5
15e319099fbab9989d61bf004efaba62
-
SHA1
612c52009588f8582021af35152f7fcd429909fd
-
SHA256
b419f147db64a0a4b40dcefb1f3b3d8e8615216b126575f47d1410116b777c04
-
SHA512
77ae5f87f39755b8dfb2d02ee55cd031164ce1f6baba6b06211f9301895781622ef62675da62aae78d75f34281e6e6092d695fb0c1b84f38083199f70cd7c0ad
-
SSDEEP
49152:0NQ9a9bdEaSxJv3LEJhn/a82bXwTJQDAXmkG:0sa9bdEbKJ5/a8YwTJQ4mn
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-