General
-
Target
VT7EI_random.exe
-
Size
1.7MB
-
Sample
250301-r66rsstqy8
-
MD5
3891efe6cb01a588bd357679daed42f2
-
SHA1
a323dd6222ffc317a392459b12b8445a54825241
-
SHA256
c77e120dcf9aba1916abd916ee43658deef36e7003e4f74d2f0bf429deffe2f9
-
SHA512
10a6a6931ce51ff03da221a84c66e6ae3c1212b9da06da166e401617f1b6ec01a54f770a6569a5ca4fbdc84afa04fc15ede38346de3b17ac1083d40d664f9860
-
SSDEEP
49152:HqweUcPuwt0lvKOyLFTJ4DgpcTdLtkmBAucvBatrRV:/eUcPuQLFFX6rDcvBatr
Malware Config
Extracted
stealc
trump
http://45.93.20.28
-
url_path
/85a1cacf11314eb8.php
Targets
-
-
Target
VT7EI_random.exe
-
Size
1.7MB
-
MD5
3891efe6cb01a588bd357679daed42f2
-
SHA1
a323dd6222ffc317a392459b12b8445a54825241
-
SHA256
c77e120dcf9aba1916abd916ee43658deef36e7003e4f74d2f0bf429deffe2f9
-
SHA512
10a6a6931ce51ff03da221a84c66e6ae3c1212b9da06da166e401617f1b6ec01a54f770a6569a5ca4fbdc84afa04fc15ede38346de3b17ac1083d40d664f9860
-
SSDEEP
49152:HqweUcPuwt0lvKOyLFTJ4DgpcTdLtkmBAucvBatrRV:/eUcPuQLFFX6rDcvBatr
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-