General

  • Target

    8e4e9d304d59f9b976519fbe19054c1b69603ba5923c64375b890c0aca6edff9.exe

  • Size

    2.7MB

  • Sample

    240920-sbm7mssgjn

  • MD5

    65c891433ccfcc618f803149c1bc15b2

  • SHA1

    69bee79f389290eed2a8256cd62adf95c4c6fa03

  • SHA256

    8e4e9d304d59f9b976519fbe19054c1b69603ba5923c64375b890c0aca6edff9

  • SHA512

    c16c5116244dafb0ac1f4e8a4ecf9c90dc7c11bcbcb6bc523c544004d7a7a76376adf1ab9d48ff500b0f3671bc073f73af3f5a44d8b08435660e060f555ea181

  • SSDEEP

    49152:/VSfpUY7W9y+ike76tu9XyKnDjCoHKajq6FcT2d4H89rb:dSfpUcW9y+ike76QvdKU2I4H89rb

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes

  • url_path

    /e2b1563c6670f193.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks