General

  • Target

    b7f3a24f27cbb728ce871f1437eac40ce4dcb77c3357687b92b8b8248b81d6e5.exe

  • Size

    2.7MB

  • Sample

    240920-tkd6rsvhlr

  • MD5

    78367a96d5fa6b7e8e89a777a28b0735

  • SHA1

    3be92b5ee229a50485b336dbcdb302180f8f17c4

  • SHA256

    b7f3a24f27cbb728ce871f1437eac40ce4dcb77c3357687b92b8b8248b81d6e5

  • SHA512

    1906ad20730f4bd32de43a77ddbe55cbb120832d0ccacc5d243701ad719c833b4f97aec5c2b551ceec1d13d859cb03ed55451f02e5c207cadbb57a6797fc70d7

  • SSDEEP

    24576:WzSFDpnxQPoxAkGgeIJ7zetCUz4ExUQH6a+GUV97/1jbJpypA/qJLZaJBByP0bM4:vpnCHuJfpJNFjPjwLkHk8oWtyFiW43n

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      b7f3a24f27cbb728ce871f1437eac40ce4dcb77c3357687b92b8b8248b81d6e5.exe

    • Size

      2.7MB

    • MD5

      78367a96d5fa6b7e8e89a777a28b0735

    • SHA1

      3be92b5ee229a50485b336dbcdb302180f8f17c4

    • SHA256

      b7f3a24f27cbb728ce871f1437eac40ce4dcb77c3357687b92b8b8248b81d6e5

    • SHA512

      1906ad20730f4bd32de43a77ddbe55cbb120832d0ccacc5d243701ad719c833b4f97aec5c2b551ceec1d13d859cb03ed55451f02e5c207cadbb57a6797fc70d7

    • SSDEEP

      24576:WzSFDpnxQPoxAkGgeIJ7zetCUz4ExUQH6a+GUV97/1jbJpypA/qJLZaJBByP0bM4:vpnCHuJfpJNFjPjwLkHk8oWtyFiW43n

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks