General

  • Target

    549b030ceb0ca5a4b7c39aa12de1302bf79f245e4b8f7e6023be233f066ad1df.exe

  • Size

    2.7MB

  • Sample

    240920-rtjfqs1gmk

  • MD5

    3b62243715bd7937e90ad9be6bfd6645

  • SHA1

    344daa734c57bcf55071e72b1b531abe5e6e953a

  • SHA256

    549b030ceb0ca5a4b7c39aa12de1302bf79f245e4b8f7e6023be233f066ad1df

  • SHA512

    5dc740ed89b369209d04310d106caaca9a620ad066055ca69ba8f927237cb5fefb85ba448b6fb0216938fe7003fb29ced4f40e84daf57a73be1f8d0223c8a0ec

  • SSDEEP

    24576:WzSFDpnxQPoxAkGgeIJ7zetCUz4ExUQH6a+GUV97/1jbJpypA/qJLZaJBByP0bM2:vpnCHuJfpJNFjPjwLkHk8oWtyFiW43x

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks