General
-
Target
96be34e4d24ac78332b1fe4448f582df0c88b1b6087a9c36a8fe6a132c8a27be
-
Size
1.8MB
-
Sample
250127-gt3jhavldw
-
MD5
334d7053c24fb659f9fb6eac63709e36
-
SHA1
fdecff0c2d8cbbe5744c2aa96ca4bee094ee3017
-
SHA256
96be34e4d24ac78332b1fe4448f582df0c88b1b6087a9c36a8fe6a132c8a27be
-
SHA512
6b53cad41401ec0b8b880ffd1dceaf1d36224773111a9ad09bd71446982ad0edbdaf6704e076a1759185455f5cf72e4c169b61b2d61c15642b3ea0bb21634cdf
-
SSDEEP
49152:6lJcRimYCgvvZgySGaADdjznZtlOoY/+sauV:KEimY/vhSSfwoYY0
Malware Config
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
96be34e4d24ac78332b1fe4448f582df0c88b1b6087a9c36a8fe6a132c8a27be
-
Size
1.8MB
-
MD5
334d7053c24fb659f9fb6eac63709e36
-
SHA1
fdecff0c2d8cbbe5744c2aa96ca4bee094ee3017
-
SHA256
96be34e4d24ac78332b1fe4448f582df0c88b1b6087a9c36a8fe6a132c8a27be
-
SHA512
6b53cad41401ec0b8b880ffd1dceaf1d36224773111a9ad09bd71446982ad0edbdaf6704e076a1759185455f5cf72e4c169b61b2d61c15642b3ea0bb21634cdf
-
SSDEEP
49152:6lJcRimYCgvvZgySGaADdjznZtlOoY/+sauV:KEimY/vhSSfwoYY0
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-