stealc | eb6054323ea8663021dd7a4d6bafab00f5f61a8c93f8b5cc52f58a67f6585f23 | Triage

Sharing

General

Target

eb6054323ea8663021dd7a4d6bafab00f5f61a8c93f8b5cc52f58a67f6585f23N.exe
Size

1.8MB
Sample

250212-xm2lmatjfm
MD5

c84a00c743102a3d1eeda3f6031035f0
SHA1

a36eacb1161890ee106bc83cb1e033a3f0040c2c
SHA256

eb6054323ea8663021dd7a4d6bafab00f5f61a8c93f8b5cc52f58a67f6585f23
SHA512

ce2f84cef5cc651b3bcdc458a74007608a993af8f091ff639acd8f60389fda3a1ac643ca80e81316fa0c522b2d0c4a28f9aa70a80d75eb24e9add237a65ce51d
SSDEEP

24576:zjm0CV+B6ec8h94sCyifbazMhFfvwsUt1LgnaIjQplsuQtOv+FvrQMsXbYoKhWfB:7zHGyifmzGRk6a5LKwWFv55of9HnFM0

Score

10^/10

stealc kira defense_evasion discovery stealer

Malware Config

Extracted

Family

stealc

Botnet

kira

C2

http://185.215.113.115

Attributes

url_path
/c4becf79229cb002.php

Targets

- Target
  
  eb6054323ea8663021dd7a4d6bafab00f5f61a8c93f8b5cc52f58a67f6585f23N.exe
- Size
  
  1.8MB
- MD5
  
  c84a00c743102a3d1eeda3f6031035f0
- SHA1
  
  a36eacb1161890ee106bc83cb1e033a3f0040c2c
- SHA256
  
  eb6054323ea8663021dd7a4d6bafab00f5f61a8c93f8b5cc52f58a67f6585f23
- SHA512
  
  ce2f84cef5cc651b3bcdc458a74007608a993af8f091ff639acd8f60389fda3a1ac643ca80e81316fa0c522b2d0c4a28f9aa70a80d75eb24e9add237a65ce51d
- SSDEEP
  
  24576:zjm0CV+B6ec8h94sCyifbazMhFfvwsUt1LgnaIjQplsuQtOv+FvrQMsXbYoKhWfB:7zHGyifmzGRk6a5LKwWFv55of9HnFM0
Score

10^/10

stealc kira defense_evasion stealer discovery
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealckiradefense_evasionstealer

behavioral2

stealckiradefense_evasiondiscoverystealer