General

  • Target

    aee1a9abc4ba92c3814e651786b69fafc2bb2bedbc7d9ca35a269983cc71d5a1

  • Size

    2.7MB

  • Sample

    240919-2lsdsavfjl

  • MD5

    db14c81656d15a89e797eb0d7fdd5b10

  • SHA1

    8e1a9e234cd0126291562c2e17f4cfd615c93e34

  • SHA256

    aee1a9abc4ba92c3814e651786b69fafc2bb2bedbc7d9ca35a269983cc71d5a1

  • SHA512

    145b98e6780d2af04c88d7ed0ea3177b3adac5b657b5258e0d197eeb58e1e9732577e0abb3758e321a4f1c308992dfd9e114d68a27d533258fa7099cbcd80072

  • SSDEEP

    49152:Y9OonUhLfxiu9+Rfdw/6PoeWt5zQKH4T8VONe:Y9Oon2Lfxiu9+Rfdw93t5V4gVO4

Malware Config

Extracted

  • Family

    stealc

  • Botnet

    rave

  • C2

    http://185.215.113.103

  • Attributes

    • url_path

      /e2b1563c6670f193.php
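The extracted configuration gives the C2 host and the gate path as separate values, and it pays to keep them separate when hunting: a rotated gate on the same host, or the same gate name turning up on a new host, are both worth a look. The following Python is an added example, not code from the report or from the Stealc sample; it classifies URLs from proxy log lines against the config above. The log lines are constructed by the editor and the severity labels (`c2`, `c2-host`, `c2-path`) are the editor's own naming.

```python
"""Match the extracted Stealc C2 configuration against HTTP proxy log lines."""
from urllib.parse import urlsplit

# Values taken from the extracted malware config on this page.
C2_URL = "http://185.215.113.103"
URL_PATH = "/e2b1563c6670f193.php"

# Constructed sample proxy log (not real traffic): "<client> <method> <url> <status>"
SAMPLE_LOG = """\
10.0.0.14 POST http://185.215.113.103/e2b1563c6670f193.php 200
10.0.0.14 GET http://185.215.113.103/e2b1563c6670f193.php?x=1 200
10.0.0.22 GET https://185.215.113.103:443/other.php 200
10.0.0.31 POST http://203.0.113.9/e2b1563c6670f193.php 200
10.0.0.40 GET http://example.invalid/index.html 200
"""


def classify(url):
    """Return a label for one URL against the extracted config.

    'c2'       host and gate path both match  -> confirmed beacon to this config
    'c2-host'  host matches, different path   -> same server, possibly a rotated gate
    'c2-path'  gate path on a different host  -> same gate name, possibly another C2
    None       no overlap with the config
    """
    cfg = urlsplit(C2_URL)
    u = urlsplit(url)
    host_hit = u.hostname == cfg.hostname   # hostname strips scheme and port
    path_hit = u.path == URL_PATH           # path excludes the query string
    if host_hit and path_hit:
        return "c2"
    if host_hit:
        return "c2-host"
    if path_hit:
        return "c2-path"
    return None


def scan(log_text):
    """Return [(client, url, label)] for every log line that overlaps the config."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        client, _method, url = parts[0], parts[1], parts[2]
        label = classify(url)
        if label:
            hits.append((client, url, label))
    return hits


if __name__ == "__main__":
    for client, url, label in scan(SAMPLE_LOG):
        print(f"{label:8} {client} {url}")
```

Because `urlsplit` separates the query string from the path, a request to the gate with extra parameters still counts as a full match, and matching on the bare IP also catches traffic on ports or schemes the extracted config does not use.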

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from delivering debug events to an attached debugger, a common anti-debugging technique.
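The three registry signatures above are what a registry-read trace from a sandbox or API monitor shows in practice. The script below is an added example, not anything from the report, and tags trace lines against those signatures. The key paths are the well-known locations anti-VM code reads (ACPI tables named `VBOX__`, the BIOS description keys, and the `Wine` keys under `HKCU` and `HKLM\Software`); the report does not list which exact keys this sample queried, so the paths, the ATT&CK IDs in the comments and the trace lines are all the editor's assumptions. The NtSetInformationThread check is an API call rather than a registry read, so it is outside this script.

```python
"""Tag registry reads from a sandbox API trace with the anti-analysis signatures above."""
import re

# Editor's mapping of each signature to the registry locations anti-VM code is
# known to read. Assumption: the report does not name the keys this sample touched.
SIGNATURES = {
    # Identifies VirtualBox via ACPI registry values (ATT&CK T1497.001, editor's mapping)
    "virtualbox_acpi": re.compile(
        r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    # Checks BIOS information in registry (ATT&CK T1497.001, editor's mapping)
    "bios_info": re.compile(
        r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(BIOS\\|SystemBiosVersion$|VideoBiosVersion$)",
        re.I),
    # Identifies Wine through registry keys (ATT&CK T1497.001, editor's mapping)
    "wine": re.compile(r"^HK(LM|CU)\\Software\\Wine(\\|$)", re.I),
}

# Constructed trace (not from the sandbox run on this page): "<pid> <api> <key path>"
SAMPLE_TRACE = r"""
4120 RegOpenKeyExW HKLM\HARDWARE\ACPI\DSDT\VBOX__
4120 RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
4120 RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
4120 RegOpenKeyExW HKCU\Software\Wine
4120 RegOpenKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4120 RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
"""


def classify_key(path):
    """Return the signature name a registry path satisfies, or None if benign."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(path):
            return name
    return None


def triage(trace):
    """Group matching registry reads by signature: {signature: [paths, ...]}."""
    hits = {}
    for line in trace.strip().splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue
        _pid, _api, path = parts
        name = classify_key(path)
        if name:
            hits.setdefault(name, []).append(path)
    return hits


def evasion_score(trace):
    """Number of distinct anti-analysis signatures the trace triggers (0 to 3)."""
    return len(triage(trace))


if __name__ == "__main__":
    for name, paths in triage(SAMPLE_TRACE).items():
        print(name)
        for p in paths:
            print("   ", p)
    print("signatures triggered:", evasion_score(SAMPLE_TRACE))
```

A single BIOS or processor read is normal for installers and licensing code; the combination of all three categories in one process, as in the constructed trace, is the pattern that justifies the "likely anti-VM" verdict above.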

MITRE ATT&CK Enterprise v15

Tasks