General
Target: 53068c02785c7df5d463246941352fbf7351dfc28cdd313146674cebeb36c6d6
Size: 1.7MB
Sample: 250127-dej7tsyjdr
MD5: b374bfb27e24a60c2eafb736fe705761
SHA1: 56ba69d57750b3a5b6e3e04515370edba541fdb0
SHA256: 53068c02785c7df5d463246941352fbf7351dfc28cdd313146674cebeb36c6d6
SHA512: 5f90a276b479f5732c9c3e34d352b62167e2c39015fa2ce7c2ec073a352d701567aa0f955f575c23940d24bd1452d269a9539f1002a476663cee1ae31ec01c4d
SSDEEP: 49152:F+WkqVyIR+l09Z8rL2nccykoiZs9CHugOlK:FpbVyIR+lIikoiBHugOlK
Static task: static1
Behavioral task: behavioral1
  Sample: 53068c02785c7df5d463246941352fbf7351dfc28cdd313146674cebeb36c6d6.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 53068c02785c7df5d463246941352fbf7351dfc28cdd313146674cebeb36c6d6.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
  stealc
  stok
  http://185.215.113.206
  url_path: /c4becf79229cb002.php
Targets
Target: 53068c02785c7df5d463246941352fbf7351dfc28cdd313146674cebeb36c6d6
Score: 10/10
- Stealc family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger