stealc | 605d8ff14cbc4fd21c860371f046c9812414b41ca0beec6ed9fc294000fbd4a8 | Triage

Sharing

General

Target

605d8ff14cbc4fd21c860371f046c9812414b41ca0beec6ed9fc294000fbd4a8
Size

5.0MB
Sample

250127-g9ykgsvret
MD5

4c44fd974b119681f69872a1483b411b
SHA1

c3a8e48524af6b4d9732b0f778408d2e2b1e4dd5
SHA256

605d8ff14cbc4fd21c860371f046c9812414b41ca0beec6ed9fc294000fbd4a8
SHA512

af515feb1e4bab390a7225c5fcf97a4ecc17835d0abafcd617aab157c023fe4cfbb6f7b982eb170749a003024a43c81d1f543a317d11c7af5e8a081fc63a2f95
SSDEEP

49152:QakARh8DV+4nanRZEfss4/nvLjZcnFl8RTD/:DXRSDM4naRZEfssynvfZkz8VD/

Score

10^/10

stealc stok defense_evasion discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Targets

- Target
  
  605d8ff14cbc4fd21c860371f046c9812414b41ca0beec6ed9fc294000fbd4a8
- Size
  
  5.0MB
- MD5
  
  4c44fd974b119681f69872a1483b411b
- SHA1
  
  c3a8e48524af6b4d9732b0f778408d2e2b1e4dd5
- SHA256
  
  605d8ff14cbc4fd21c860371f046c9812414b41ca0beec6ed9fc294000fbd4a8
- SHA512
  
  af515feb1e4bab390a7225c5fcf97a4ecc17835d0abafcd617aab157c023fe4cfbb6f7b982eb170749a003024a43c81d1f543a317d11c7af5e8a081fc63a2f95
- SSDEEP
  
  49152:QakARh8DV+4nanRZEfss4/nvLjZcnFl8RTD/:DXRSDM4naRZEfssynvfZkz8VD/
Score

10^/10

stealc stok defense_evasion stealer discovery
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcstokdefense_evasionstealer

behavioral2

stealcstokdefense_evasiondiscoverystealer