General

  • Target

    366da4e5402c25e8e3933ffad812403613c8386d92df8186db889496e0ee5599.exe

  • Size

    2.8MB

  • Sample

    240920-q7tyyszcna

  • MD5

    2eb70ea6989f3cb1763ffef0d851d05b

  • SHA1

    c69538e1147dc754dffa6cf98e7d3ac9ce73eae5

  • SHA256

    366da4e5402c25e8e3933ffad812403613c8386d92df8186db889496e0ee5599

  • SHA512

    23b4679ccfa152ee5cf1b7de420a9da6a2ff0f13d75064c7dbd92111f6f30b81072b1f9136910c20b3f13e5a163ec7847aae01f3ebe9cb38758039f82f3d9f9d

  • SSDEEP

    49152:aR2RFy+OUY48H0R8mDxwEincrs8yYz1Ucl:aoFy+O48H0RtwZ18yOD

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15