General
-
Target
093b4e949d5d1cc9bbefce47d5dfd85ce66936f5ca616f6ab67e87f32c6927bf
-
Size
1.7MB
-
Sample
250126-zkd4natral
-
MD5
8c17c01b5f71d43e589090f60c268c87
-
SHA1
4771bfc3d92339f2b13ede8f2a099de86b6acdd3
-
SHA256
093b4e949d5d1cc9bbefce47d5dfd85ce66936f5ca616f6ab67e87f32c6927bf
-
SHA512
11c83623a029cabbfd624b3205636312bed404cd1138b692dcb8fd074b681f90d90d8e1fdbd5d8bcfa2d3482aec92ce56e1f3d56f012ae28ea70ef89737ea036
-
SSDEEP
49152:Sb6CRw8ZN9i06U+n3EAhzxAcGRIKvqfxnvxdgLnswy:Sb6SZN9tZ00WdAJIXM
Malware Config
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
093b4e949d5d1cc9bbefce47d5dfd85ce66936f5ca616f6ab67e87f32c6927bf
-
Size
1.7MB
-
MD5
8c17c01b5f71d43e589090f60c268c87
-
SHA1
4771bfc3d92339f2b13ede8f2a099de86b6acdd3
-
SHA256
093b4e949d5d1cc9bbefce47d5dfd85ce66936f5ca616f6ab67e87f32c6927bf
-
SHA512
11c83623a029cabbfd624b3205636312bed404cd1138b692dcb8fd074b681f90d90d8e1fdbd5d8bcfa2d3482aec92ce56e1f3d56f012ae28ea70ef89737ea036
-
SSDEEP
49152:Sb6CRw8ZN9i06U+n3EAhzxAcGRIKvqfxnvxdgLnswy:Sb6SZN9tZ00WdAJIXM
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-