General
-
Target
3e303b758c00f623ff1ccfd6abc322de7e2985b6ec707d5901853d525605902a
-
Size
1.7MB
-
Sample
250127-arpfja1mds
-
MD5
f1e366ad60517378a573ea674a0d3e46
-
SHA1
8c43ca21cdf8db929f625e9a8e645db3dafc8357
-
SHA256
3e303b758c00f623ff1ccfd6abc322de7e2985b6ec707d5901853d525605902a
-
SHA512
f71229b4f35bc884a156a0895c334c6890217860cfb2e4031f7f6ff61671c338d7ed04f98887c8a9841c225c1de03107e38acd5d640243515a6698bddff0048f
-
SSDEEP
24576:oL/D8UctSBtm2/wnZBwrconfk0jnaRcODZH+Hh/igf1h+BlAkR2KCjOzs1d:Ar+2QZ6zn7ODZeHhKgf1EyZOzq
Malware Config
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
3e303b758c00f623ff1ccfd6abc322de7e2985b6ec707d5901853d525605902a
-
Size
1.7MB
-
MD5
f1e366ad60517378a573ea674a0d3e46
-
SHA1
8c43ca21cdf8db929f625e9a8e645db3dafc8357
-
SHA256
3e303b758c00f623ff1ccfd6abc322de7e2985b6ec707d5901853d525605902a
-
SHA512
f71229b4f35bc884a156a0895c334c6890217860cfb2e4031f7f6ff61671c338d7ed04f98887c8a9841c225c1de03107e38acd5d640243515a6698bddff0048f
-
SSDEEP
24576:oL/D8UctSBtm2/wnZBwrconfk0jnaRcODZH+Hh/igf1h+BlAkR2KCjOzs1d:Ar+2QZ6zn7ODZeHhKgf1EyZOzq
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-