General

  • Target

    c2e1a7c1a3a7c2916ea2694bb0aa0f23158698e77498ff16604fd0023205f2f1.exe

  • Size

    2.7MB

  • Sample

    240920-lfn66szard

  • MD5

    413a0e51e03abae9cfa324ee79b237e5

  • SHA1

    010941a4b620c7a8f519bd4c63f2550bd82417cb

  • SHA256

    c2e1a7c1a3a7c2916ea2694bb0aa0f23158698e77498ff16604fd0023205f2f1

  • SHA512

    4f49db5c267f86c467ecb79dd53a4a79c832dab8c88cd325ec9deb6e553b8f2560518a577ba3c406675e943fce297efd7fb903c28e15f94210e1328ad90c5cac

  • SSDEEP

    49152:Xhf8Shruo5wej7Mnr25fC2eGWPVZX3EJRh:REShrZ5w27MryfCPP/X34P

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      c2e1a7c1a3a7c2916ea2694bb0aa0f23158698e77498ff16604fd0023205f2f1.exe

    • Size

      2.7MB

    • MD5

      413a0e51e03abae9cfa324ee79b237e5

    • SHA1

      010941a4b620c7a8f519bd4c63f2550bd82417cb

    • SHA256

      c2e1a7c1a3a7c2916ea2694bb0aa0f23158698e77498ff16604fd0023205f2f1

    • SHA512

      4f49db5c267f86c467ecb79dd53a4a79c832dab8c88cd325ec9deb6e553b8f2560518a577ba3c406675e943fce297efd7fb903c28e15f94210e1328ad90c5cac

    • SSDEEP

      49152:Xhf8Shruo5wej7Mnr25fC2eGWPVZX3EJRh:REShrZ5w27MryfCPP/X34P

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks