General
-
Target
eba48666f919b709a9b0af2c29644859070a549143769c959c1bba1d9141fb82
-
Size
1.7MB
-
Sample
250225-shy8gssjw4
-
MD5
e07e428934869380a09e44ba74f35fd1
-
SHA1
4d03453968a0b5a8e2f0d0f2711f8058e832f9bf
-
SHA256
eba48666f919b709a9b0af2c29644859070a549143769c959c1bba1d9141fb82
-
SHA512
72f6476535fb4dadfb09ac311a6ff37b505ffadbbb24dcd0d1a3c84c8a6dc18783c9f2f8797d184e24bb18e0071352841c71e5b911fcced2f6e4836b252e7efd
-
SSDEEP
49152:J/MIiY0R1dRWPKscWVjI70LAxdJvmEvQxT4b49d8HFgL:J/MN3R1H8YWVjzKdJvnHk8Hq
Malware Config
Extracted
stealc
reno
http://185.215.113.115
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
eba48666f919b709a9b0af2c29644859070a549143769c959c1bba1d9141fb82
-
Size
1.7MB
-
MD5
e07e428934869380a09e44ba74f35fd1
-
SHA1
4d03453968a0b5a8e2f0d0f2711f8058e832f9bf
-
SHA256
eba48666f919b709a9b0af2c29644859070a549143769c959c1bba1d9141fb82
-
SHA512
72f6476535fb4dadfb09ac311a6ff37b505ffadbbb24dcd0d1a3c84c8a6dc18783c9f2f8797d184e24bb18e0071352841c71e5b911fcced2f6e4836b252e7efd
-
SSDEEP
49152:J/MIiY0R1dRWPKscWVjI70LAxdJvmEvQxT4b49d8HFgL:J/MN3R1H8YWVjzKdJvnHk8Hq
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-