General

Target: aa7218dd05b2c00fc9c452f8e1b6da4a2f7a9cc28159e885978338572389ef27
Size: 1.8MB
Sample: 250127-evtxms1qbk
MD5: 1d347b2007eb465b8a6b60e04e2f1eb1
SHA1: cab8b0c2195b530284178c584c259f3be7609459
SHA256: aa7218dd05b2c00fc9c452f8e1b6da4a2f7a9cc28159e885978338572389ef27
SHA512: 964896975d7cadf336acba1779664dd2035a5693c9b03831f57ff99c7be01779bdc754e3f53c36905a88aaa75fbc6f88f01ee2cf480f1f47d033c1e921018339
SSDEEP: 49152:C8Eb3WwhRSjba010L4Vjl+jnfiXuoryocesmk:apMbaAVjczIC
Static task
static1

Behavioral task
behavioral1
Sample: aa7218dd05b2c00fc9c452f8e1b6da4a2f7a9cc28159e885978338572389ef27.exe
Resource: win7-20240903-en

Behavioral task
behavioral2
Sample: aa7218dd05b2c00fc9c452f8e1b6da4a2f7a9cc28159e885978338572389ef27.exe
Resource: win10v2004-20241007-en

The Resource field names the sandbox image each detonation ran in: a Windows 7 image and a Windows 10 (version 2004) image, both English-language. Behaviour that only appears in one of the two runs is worth checking against the OS difference before treating it as sample-specific.
Malware Config

Extracted
Family: stealc
Botnet (campaign tag): stok
C2: http://185.215.113.206
url_path: /c4becf79229cb002.php

The gate the sample reports to is the C2 host joined with url_path, i.e. http://185.215.113.206/c4becf79229cb002.php. Both the bare host and the full gate URL are usable as network indicators; the host alone is the more durable of the two, since the PHP gate name is the part an operator can rotate cheaply.
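Turning the extracted C2 host and url_path into something a SOC can actually run against proxy logs looks like the following. This is an added example, not code from the sandbox vendor or from the sample; the log layout ("timestamp client method url status") and the sample lines are constructed for the example, and the two indicator constants are the values from the configuration above.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the extracted Stealc configuration on this page.
STEALC_C2 = "http://185.215.113.206"
STEALC_URL_PATH = "/c4becf79229cb002.php"

# Constructed proxy log lines (an assumed "timestamp client method url status"
# layout; adjust LOG_RE for your proxy's format). Lines 1 and 4 are gate POSTs,
# line 3 talks to the C2 host on a different path, line 2 is benign.
SAMPLE_PROXY_LOG = """\
1737990001.123 10.0.0.15 POST http://185.215.113.206/c4becf79229cb002.php 200
1737990002.456 10.0.0.15 GET http://example.com/index.html 200
1737990003.789 10.0.0.22 POST http://185.215.113.206/other.php 404
1737990004.012 10.0.0.31 POST http://185.215.113.206:80/c4becf79229cb002.php 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)
DEFAULT_PORTS = {"http": 80, "https": 443}


def gate_url(c2=STEALC_C2, url_path=STEALC_URL_PATH):
    """Join the C2 host and url_path into the full gate URL the sample posts to."""
    return c2.rstrip("/") + "/" + url_path.lstrip("/")


def _host_port_path(url):
    """Normalise a URL to (hostname, effective port, path) so that an explicit
    default port (":80") compares equal to no port at all."""
    u = urlsplit(url)
    return u.hostname, u.port or DEFAULT_PORTS.get(u.scheme), u.path


def match_line(line, c2=STEALC_C2, url_path=STEALC_URL_PATH):
    """Classify one log line: 'gate_hit' for the exact C2 gate, 'c2_host' for any
    other request to the C2 host, None for everything else or unparsable lines."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    host, port, path = _host_port_path(m["url"])
    c2_host, c2_port, _ = _host_port_path(c2)
    if host != c2_host or port != c2_port:
        return None
    verdict = "gate_hit" if path == url_path else "c2_host"
    return {"client": m["client"], "method": m["method"], "url": m["url"], "verdict": verdict}


def scan(log_text, c2=STEALC_C2, url_path=STEALC_URL_PATH):
    """Return the matching records for every line of a log, in order."""
    hits = []
    for line in log_text.splitlines():
        rec = match_line(line, c2, url_path)
        if rec:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    print("gate:", gate_url())
    for hit in scan(SAMPLE_PROXY_LOG):
        print(hit["verdict"], hit["client"], hit["method"], hit["url"])
```

The two-tier verdict is deliberate: an exact gate hit is strong evidence of this sample (or a sibling sharing the gate), while any other traffic to 185.215.113.206 still warrants a look, because a rotated PHP gate name on the same host is the cheapest change an operator can make.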
Targets

Target: aa7218dd05b2c00fc9c452f8e1b6da4a2f7a9cc28159e885978338572389ef27 (1.8MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures

Stealc family
The sample is classified as the Stealc information stealer, consistent with the configuration extracted above.

Identifies VirtualBox via ACPI registry values (likely anti-VM)
The sample reads the ACPI table keys Windows exposes under HKLM\HARDWARE\ACPI (typically DSDT, FADT and RSDT). In a VirtualBox guest these carry a VBOX__ subkey that names the hypervisor, so the check is a cheap way for the sample to decide it is being analysed and to stay dormant.

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments. The SystemBiosVersion and VideoBiosVersion values under HKLM\HARDWARE\DESCRIPTION\System carry the firmware vendor strings, which in an unhardened VM name the hypervisor (for example VBOX, VMware or QEMU).

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment. Wine reveals itself through registry keys such as HKCU\Software\Wine that do not exist on a native Windows installation.

Suspicious use of NtSetInformationThreadHideFromDebugger
The sample calls NtSetInformationThread with the ThreadHideFromDebugger (0x11) information class. A thread marked this way no longer delivers debug events to an attached debugger, so breakpoints and single-stepping in that thread silently stop working; this is a common anti-debugging measure. It is reported as suspicious rather than malicious on its own because commercial packers and DRM use the same call.
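The three registry-based checks above are also the checks an analyst should run against their own sandbox image before detonating samples in it, since a VM that fails them will see the sample exit early. The following is an added example, not code from the sandbox vendor or from the sample: it evaluates those three checks over a snapshot of the relevant registry keys, with a Windows-only helper to collect a live snapshot. The key paths and marker strings are this example's assumptions about what such checks look for, drawn from public anti-VM research (al-khaser and similar), and the three snapshots are constructed.

```python
import sys

# Registry locations the three registry-based signatures refer to, with the marker
# strings a VirtualBox guest or a Wine prefix leaves there. This mapping is the
# example's assumption (public anti-VM research), not something extracted from the sample.
ACPI_KEYS = (r"HKLM\HARDWARE\ACPI\DSDT", r"HKLM\HARDWARE\ACPI\FADT", r"HKLM\HARDWARE\ACPI\RSDT")
VBOX_ACPI_SUBKEY = "VBOX__"
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = ("SystemBiosVersion", "VideoBiosVersion")
BIOS_MARKERS = ("VBOX", "VIRTUALBOX", "INNOTEK", "VMWARE", "QEMU", "BOCHS")
WINE_KEYS = (r"HKCU\Software\Wine", r"HKLM\Software\Wine")


def find_vm_artifacts(snapshot):
    """Return (category, detail) pairs for every artifact found in a registry snapshot.

    snapshot maps a key path to {"subkeys": [...], "values": {name: data}}; data may be
    a str or, for REG_MULTI_SZ values such as SystemBiosVersion, a list of str.
    """
    findings = []
    for key in ACPI_KEYS:
        subkeys = snapshot.get(key, {}).get("subkeys", [])
        if any(s.upper() == VBOX_ACPI_SUBKEY for s in subkeys):
            findings.append(("acpi", f"{key}\\{VBOX_ACPI_SUBKEY}"))
    values = snapshot.get(BIOS_KEY, {}).get("values", {})
    for name in BIOS_VALUES:
        data = values.get(name)
        if data is None:
            continue
        parts = data if isinstance(data, (list, tuple)) else [data]
        text = " ".join(str(p) for p in parts).upper()
        marker = next((m for m in BIOS_MARKERS if m in text), None)
        if marker:
            findings.append(("bios", f"{BIOS_KEY}\\{name} contains {marker}"))
    for key in WINE_KEYS:
        if key in snapshot:
            findings.append(("wine", key))
    return findings


def snapshot_live_registry():
    """Collect the same keys from the live registry (Windows only, no admin rights needed)."""
    if sys.platform != "win32":
        raise RuntimeError("live registry snapshots are only possible on Windows")
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snapshot = {}
    for path in (*ACPI_KEYS, BIOS_KEY, *WINE_KEYS):
        hive, _, subkey = path.partition("\\")
        try:
            with winreg.OpenKey(hives[hive], subkey) as k:
                n_sub, n_val, _ = winreg.QueryInfoKey(k)
                entry = {"subkeys": [winreg.EnumKey(k, i) for i in range(n_sub)], "values": {}}
                for i in range(n_val):
                    name, data, _ = winreg.EnumValue(k, i)
                    entry["values"][name] = data
        except OSError:
            continue  # key absent: nothing to report for it
        snapshot[path] = entry
    return snapshot


# Constructed snapshots: an unhardened VirtualBox guest, a guest whose firmware strings
# and ACPI table names were changed, and a Wine prefix.
VBOX_GUEST = {
    r"HKLM\HARDWARE\ACPI\DSDT": {"subkeys": ["VBOX__"], "values": {}},
    r"HKLM\HARDWARE\ACPI\FADT": {"subkeys": ["VBOX__"], "values": {}},
    r"HKLM\HARDWARE\ACPI\RSDT": {"subkeys": ["VBOX__"], "values": {}},
    BIOS_KEY: {"subkeys": [], "values": {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox Version 7.0.0 VBE Adapter"],
    }},
}
HARDENED_GUEST = {
    r"HKLM\HARDWARE\ACPI\DSDT": {"subkeys": ["DELL__"], "values": {}},
    r"HKLM\HARDWARE\ACPI\FADT": {"subkeys": ["DELL__"], "values": {}},
    r"HKLM\HARDWARE\ACPI\RSDT": {"subkeys": ["DELL__"], "values": {}},
    BIOS_KEY: {"subkeys": [], "values": {
        "SystemBiosVersion": ["DELL   - 1072009", "1.4.0"],
        "VideoBiosVersion": ["Hardware Version 0.0"],
    }},
}
WINE_PREFIX = {r"HKCU\Software\Wine": {"subkeys": ["Drives"], "values": {}}}

if __name__ == "__main__":
    snaps = (("VirtualBox guest", VBOX_GUEST), ("hardened guest", HARDENED_GUEST), ("Wine", WINE_PREFIX))
    for label, snap in snaps:
        print(label, find_vm_artifacts(snap))
```

On a Windows analysis VM, run find_vm_artifacts(snapshot_live_registry()) and expect an empty list; anything returned is a string the sample can read without privileges, and the ACPI table names in particular have to be changed at the hypervisor level (the VM's firmware configuration), not inside the guest.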