stealc | b737427a357c92a53fbea6290fdc2bf008218f45ce637fba8ca958fb062c780e | Triage

Sharing

General

Target

b737427a357c92a53fbea6290fdc2bf008218f45ce637fba8ca958fb062c780e
Size

5.0MB
Sample

250127-je915sxqft
MD5

bcc42307c534754275cf097c29c75242
SHA1

94bbeb39b9912182071d61b0645f45939baa4e8b
SHA256

b737427a357c92a53fbea6290fdc2bf008218f45ce637fba8ca958fb062c780e
SHA512

4e7530fd2b362221dc19e1eafcea5713e2870e235d8a217e8130136808e8c8198f6fb8105586c64b9f45523de2dfb38908cda34ceeaca1db5f849fdc8f433007
SSDEEP

49152:hEOc/i01yKCNg48nqW3bB7JH3+MVFfTP0pU3Va9:hHc/5YK8ByqWLB7JH9j78X

Score

10^/10

stealc stok defense_evasion discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Targets

- Target
  
  b737427a357c92a53fbea6290fdc2bf008218f45ce637fba8ca958fb062c780e
- Size
  
  5.0MB
- MD5
  
  bcc42307c534754275cf097c29c75242
- SHA1
  
  94bbeb39b9912182071d61b0645f45939baa4e8b
- SHA256
  
  b737427a357c92a53fbea6290fdc2bf008218f45ce637fba8ca958fb062c780e
- SHA512
  
  4e7530fd2b362221dc19e1eafcea5713e2870e235d8a217e8130136808e8c8198f6fb8105586c64b9f45523de2dfb38908cda34ceeaca1db5f849fdc8f433007
- SSDEEP
  
  49152:hEOc/i01yKCNg48nqW3bB7JH3+MVFfTP0pU3Va9:hHc/5YK8ByqWLB7JH9j78X
Score

10^/10

stealc stok defense_evasion stealer discovery
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcstokdefense_evasionstealer

behavioral2

stealcstokdefense_evasiondiscoverystealer