General
-
Target
b1eef09ad2077096f9c8dab355ea27c2faea57a1ea217147aba402f9d77b9a15
-
Size
1.7MB
-
Sample
250126-zcjdeaspfs
-
MD5
d0855422158ad818c31272d070384843
-
SHA1
b4961231eb0bb1f18eb32b7e70608fd592274bf9
-
SHA256
b1eef09ad2077096f9c8dab355ea27c2faea57a1ea217147aba402f9d77b9a15
-
SHA512
c2d2e890751589e92657c8b8550aa092de0b375bf21177d2bfdd5296faede87e5c48b57abaaa8ba85ff9154d1c71c2c9989d97dd01db43eeb5c683902f75238c
-
SSDEEP
49152:JNByELjLU6maRBJ8weUgU4QMG3cCD0fsL2:DDjQ6pJjTL4QMG3cCWsi
Malware Config
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
b1eef09ad2077096f9c8dab355ea27c2faea57a1ea217147aba402f9d77b9a15
-
Size
1.7MB
-
MD5
d0855422158ad818c31272d070384843
-
SHA1
b4961231eb0bb1f18eb32b7e70608fd592274bf9
-
SHA256
b1eef09ad2077096f9c8dab355ea27c2faea57a1ea217147aba402f9d77b9a15
-
SHA512
c2d2e890751589e92657c8b8550aa092de0b375bf21177d2bfdd5296faede87e5c48b57abaaa8ba85ff9154d1c71c2c9989d97dd01db43eeb5c683902f75238c
-
SSDEEP
49152:JNByELjLU6maRBJ8weUgU4QMG3cCD0fsL2:DDjQ6pJjTL4QMG3cCWsi
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-