General

  • Target

    a07f6979ee4bb5d995b316e08db3f7e41d39e35cac2d7d047f6d233bb9242cfc.exe

  • Size

    2.8MB

  • Sample

    240920-q3v1fszane

  • MD5

    2f94c8055a5160907f19b1778a5aad52

  • SHA1

    82c5425e79ad67ccea0342b013a57e1b67a53922

  • SHA256

    a07f6979ee4bb5d995b316e08db3f7e41d39e35cac2d7d047f6d233bb9242cfc

  • SHA512

    5eb6af7f1e8cca502ed362aef11072ad0a3aa90f2b95b326945e7f1a0f2be29c06f156c925143bd48150cfc38d9a446d9e183d98e8e19d8cf0e49c6c862986a1

  • SSDEEP

    49152:G6lOTWxWFbVUtJ6PmwoaQGpJTrHfcESKhw+cvHDx6S:VO6WFbVUtcPmfaQAJT4ESKhw+KxP

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php
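The extracted configuration lists the C2 as a bare host and the gate as a separate url_path; for detection the two belong together, because matching on the IP alone also flags unrelated requests to that server. The script below is an added example (not part of the Triage report) that derives the full gate URL from the two config fields and scans proxy log lines, tiering hits into "gate" (host and path match) and "host" (same server, other path). The log format and the sample lines are constructed for the example.

```python
"""Turn the extracted Stealc config (C2 host + url_path) into a two-tier
proxy-log detection. Added example; the log format is constructed."""
from typing import List, NamedTuple
from urllib.parse import urlsplit

C2 = "http://185.215.113.103"         # from the extracted config
URL_PATH = "/e2b1563c6670f193.php"    # from the extracted config


class Hit(NamedTuple):
    line: str
    tier: str  # "gate": host and path match; "host": same server, other path


def gate_url(c2: str, url_path: str) -> str:
    """Join the C2 base and the gate path, tolerating slashes on either side."""
    return c2.rstrip("/") + "/" + url_path.lstrip("/")


def _host(url: str) -> str:
    """Hostname of a URL (port stripped, lowercased); bare hosts are accepted too."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").lower()


def scan(lines: List[str], c2: str = C2, url_path: str = URL_PATH) -> List[Hit]:
    """Constructed log format: '<ts> <client> <method> <url> <status>' per line."""
    target_host = _host(c2)
    target_path = "/" + url_path.lstrip("/")
    hits: List[Hit] = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:          # malformed or truncated line: skip, don't crash
            continue
        url = fields[3]
        if _host(url) != target_host:
            continue
        path = urlsplit(url).path or "/"
        hits.append(Hit(line, "gate" if path == target_path else "host"))
    return hits


# Constructed sample traffic: one beacon to the gate, one other request to the
# same server, one unrelated request, and one beacon with an explicit port.
SAMPLE_LOG = """\
2024-09-20T13:57:02Z 10.0.0.15 POST http://185.215.113.103/e2b1563c6670f193.php 200
2024-09-20T13:57:03Z 10.0.0.15 GET http://185.215.113.103/update.bin 200
2024-09-20T13:57:05Z 10.0.0.22 GET https://example.com/index.php 200
2024-09-20T13:57:06Z 10.0.0.15 POST http://185.215.113.103:80/e2b1563c6670f193.php 200
""".splitlines()

if __name__ == "__main__":
    print("gate URL:", gate_url(C2, URL_PATH))
    for hit in scan(SAMPLE_LOG):
        print(hit.tier.upper(), hit.line)
```

A "gate" hit is a high-confidence Stealc check-in; a "host" hit only says the client talked to infrastructure known to host a Stealc C2 and needs the surrounding requests to interpret.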

Targets

    • Target

      a07f6979ee4bb5d995b316e08db3f7e41d39e35cac2d7d047f6d233bb9242cfc.exe

    • Size

      2.8MB

    • MD5

      2f94c8055a5160907f19b1778a5aad52

    • SHA1

      82c5425e79ad67ccea0342b013a57e1b67a53922

    • SHA256

      a07f6979ee4bb5d995b316e08db3f7e41d39e35cac2d7d047f6d233bb9242cfc

    • SHA512

      5eb6af7f1e8cca502ed362aef11072ad0a3aa90f2b95b326945e7f1a0f2be29c06f156c925143bd48150cfc38d9a446d9e183d98e8e19d8cf0e49c6c862986a1

    • SSDEEP

      49152:G6lOTWxWFbVUtJ6PmwoaQGpJTrHfcESKhw+cvHDx6S:VO6WFbVUtcPmfaQAJT4ESKhw+KxP

    • Stealc

      Stealc is an information-stealing malware family written in C++. The "Botnet" value in the extracted configuration (rave) is the operator's build tag, and the url_path is the gate script on the C2 host that the sample reports to.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      A VirtualBox guest exposes its ACPI tables under HKLM\HARDWARE\ACPI\DSDT\VBOX__ (and FADT, RSDT); the existence of those keys is a cheap VM check.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments: values such as SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System carry the hypervisor vendor string (VBOX, VMware, QEMU/BOCHS) in an unhardened VM.

    • Identifies Wine through registry keys

      Wine is a compatibility layer that runs Windows applications on Unix-like systems and is sometimes used as a sandboxing environment; the usual check is for the HKCU\Software\Wine (or HKLM\Software\Wine) key.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread with the ThreadHideFromDebugger class (0x11) stops the calling thread from delivering debug events, so a breakpoint or exception in that thread terminates the process instead of returning control to the debugger.
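The three registry checks above are exactly what an analyst should probe in their own sandbox image before detonating samples. The script below is an added example (not Triage's signature code) that reads the keys and values those signatures describe: the VirtualBox ACPI OEM keys, the BIOS strings under HKLM\HARDWARE\DESCRIPTION\System, and the Wine key. The probe logic runs over a small registry view so it can be exercised with constructed snapshots on any OS; on Windows it reads the live registry through winreg. The two snapshots are constructed (a stock VirtualBox guest, and the same guest after its strings were rewritten to look like a Dell workstation).

```python
"""Audit an analysis VM for the registry artifacts behind the anti-VM/anti-Wine
signatures. Added example, not Triage code; snapshots below are constructed."""
import sys
from typing import Dict, List, Optional

# Keys whose mere existence gives a VirtualBox guest away (ACPI OEM tables).
ACPI_VBOX_KEYS = [("HKLM", r"HARDWARE\ACPI\DSDT\VBOX__"),
                  ("HKLM", r"HARDWARE\ACPI\FADT\VBOX__"),
                  ("HKLM", r"HARDWARE\ACPI\RSDT\VBOX__")]
# Values whose data carries the hypervisor vendor string in an unhardened guest.
BIOS_VALUES = [("HKLM", r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
               ("HKLM", r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
               ("HKLM", r"HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
               ("HKLM", r"HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName")]
BIOS_MARKERS = ("VBOX", "VIRTUALBOX", "INNOTEK", "VMWARE", "QEMU", "BOCHS", "PARALLELS")
# Wine creates this key in every prefix; its presence is the classic Wine check.
WINE_KEYS = [("HKCU", r"Software\Wine"), ("HKLM", r"Software\Wine")]


class RegistryView:
    """Read-only registry backed by a dict: {r"HIVE\subkey": {value_name: data}}."""

    def __init__(self, keys: Dict[str, Dict[str, str]]):
        self._keys = {k.upper(): {n.upper(): d for n, d in v.items()} for k, v in keys.items()}

    def key_exists(self, hive: str, subkey: str) -> bool:
        return f"{hive}\\{subkey}".upper() in self._keys

    def read_value(self, hive: str, subkey: str, name: str) -> Optional[str]:
        return self._keys.get(f"{hive}\\{subkey}".upper(), {}).get(name.upper())


class LiveRegistryView:
    """Same interface over the real registry (Windows only)."""

    def __init__(self):
        import winreg  # only importable on Windows
        self._w = winreg
        self._hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}

    def key_exists(self, hive, subkey):
        try:
            self._w.CloseKey(self._w.OpenKey(self._hives[hive], subkey))
            return True
        except OSError:
            return False

    def read_value(self, hive, subkey, name):
        try:
            with self._w.OpenKey(self._hives[hive], subkey) as key:
                data, _ = self._w.QueryValueEx(key, name)
        except OSError:
            return None
        return " ".join(data) if isinstance(data, list) else str(data)  # REG_MULTI_SZ -> str


def audit(reg) -> List[str]:
    """Return one finding per artifact a sandbox-evasion routine could key on."""
    findings: List[str] = []
    for hive, sub in ACPI_VBOX_KEYS:
        if reg.key_exists(hive, sub):
            findings.append(f"VirtualBox ACPI key present: {hive}\\{sub}")
    for hive, sub, name in BIOS_VALUES:
        data = reg.read_value(hive, sub, name)
        if data is None:
            continue
        marks = [m for m in BIOS_MARKERS if m in data.upper()]
        if marks:
            findings.append(f"{name} = {data!r} reveals {'/'.join(marks)}")
    for hive, sub in WINE_KEYS:
        if reg.key_exists(hive, sub):
            findings.append(f"Wine key present: {hive}\\{sub}")
    return findings


# Constructed snapshot modelled on a stock VirtualBox guest.
VBOX_GUEST = RegistryView({
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__": {},
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__": {},
    r"HKLM\HARDWARE\DESCRIPTION\System": {"SystemBiosVersion": "VBOX   - 1",
        "VideoBiosVersion": "Oracle VM VirtualBox Version 7.0.0 VBE Adapter"},
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {"SystemManufacturer": "innotek GmbH",
        "SystemProductName": "VirtualBox"},
})
# Constructed snapshot of the same guest with ACPI keys and strings rewritten.
HARDENED_GUEST = RegistryView({
    r"HKLM\HARDWARE\DESCRIPTION\System": {"SystemBiosVersion": "DELL   - 1072009",
        "VideoBiosVersion": "Hardware Version 0.0"},
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {"SystemManufacturer": "Dell Inc.",
        "SystemProductName": "OptiPlex 7090"},
})

if __name__ == "__main__":
    view = LiveRegistryView() if sys.platform == "win32" else VBOX_GUEST
    for finding in audit(view) or ["no VM/Wine registry artifacts found"]:
        print(finding)
```

Run it inside the sandbox guest: every finding it prints is a value the sample above could read with nothing more than RegOpenKeyEx/RegQueryValueEx, so each one should be renamed or removed before the image is used for detonation. Note that the ThreadHideFromDebugger check is a different class of evasion (anti-debug, not anti-VM) and is not something a registry audit can address.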

MITRE ATT&CK Enterprise v15

Tasks