General

  • Target

    e4f21df67f53b015398579b25cf7b5ce873d94522f7c6c8fced82673d135fac6

  • Size

    1.7MB

  • Sample

    240919-2pzx2avgqm

  • MD5

    f99bff62e7442175697c5b103a993298

  • SHA1

    59a81d48e50a8ea2c55cf7ae56d0de9c379972f2

  • SHA256

    e4f21df67f53b015398579b25cf7b5ce873d94522f7c6c8fced82673d135fac6

  • SHA512

    b14f226b58dee1054382377f4891e0f41a29babf721888dd46c304e3badc07eef6f530f041651249a85d4b1c007789fef4a9a684f140f3bbf7359e9212c1ecfb

  • SSDEEP

    24576:80xMki4tLX0b9uaDrZubTY5h1VBWOjwvO5j0aelRr9K5UOa7T9nXCQbHVm+bs4qQ:4mq9u7bT2vk25Ab/r9EUO4Tl1LV

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks