stealc | 8d6e69f22a4c9dddd870eded41068547d2199eeeca20dbb323b2f2297cf06dd4 | Triage

Sharing

General

Target

8d6e69f22a4c9dddd870eded41068547d2199eeeca20dbb323b2f2297cf06dd4.exe
Size

1.8MB
Sample

250208-lkztgaxlay
MD5

b474205a1418af0f5f40c508c0b771ce
SHA1

427d290a18e7904b9732839b2eec9f8f01e8e5cc
SHA256

8d6e69f22a4c9dddd870eded41068547d2199eeeca20dbb323b2f2297cf06dd4
SHA512

efa447394d0bd4277f5a3450d72e470edc2d36b63b76cdf6d680fbdb1c97eb59e7eb84e9272d69d6c73838113d4ef77f9b58db285258672770473feccd593977
SSDEEP

24576:zjm0CV+B6ec8h94sCyifbazMhFfvwsUt1LgnaIjQplsuQtOv+FvrQMsXbYoKhWfD:7zHGyifmzGRk6a5LKwWFv55of9HnFM0p

Score

10^/10

stealc kira defense_evasion discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

kira

C2

http://185.215.113.115

Attributes

url_path
/c4becf79229cb002.php

Targets

- Target
  
  8d6e69f22a4c9dddd870eded41068547d2199eeeca20dbb323b2f2297cf06dd4.exe
- Size
  
  1.8MB
- MD5
  
  b474205a1418af0f5f40c508c0b771ce
- SHA1
  
  427d290a18e7904b9732839b2eec9f8f01e8e5cc
- SHA256
  
  8d6e69f22a4c9dddd870eded41068547d2199eeeca20dbb323b2f2297cf06dd4
- SHA512
  
  efa447394d0bd4277f5a3450d72e470edc2d36b63b76cdf6d680fbdb1c97eb59e7eb84e9272d69d6c73838113d4ef77f9b58db285258672770473feccd593977
- SSDEEP
  
  24576:zjm0CV+B6ec8h94sCyifbazMhFfvwsUt1LgnaIjQplsuQtOv+FvrQMsXbYoKhWfD:7zHGyifmzGRk6a5LKwWFv55of9HnFM0p
Score

10^/10

stealc kira defense_evasion stealer discovery
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealckiradefense_evasionstealer

behavioral2

stealckiradefense_evasiondiscoverystealer