General

  • Target

    b2b41e189857edfb1006c1ccfce2aba1ee97b841f6aa954cb4f44a538d48d133N

  • Size

    2.7MB

  • Sample

    240921-a162yaxbql

  • MD5

    fd4d83b539cda4ea532a32d30cdb3810

  • SHA1

    07a76c5589a3c9a14df35ed2f62737ce68f38f98

  • SHA256

    b2b41e189857edfb1006c1ccfce2aba1ee97b841f6aa954cb4f44a538d48d133

  • SHA512

    509cb982e59adb8f2af58be75652625e732f6cf4174920e7dcfdeb5fac4cb306f75e96e7e3a7e975e46fc6b04984dd0f8158e80007834993ad736e64251dc33b

  • SSDEEP

    49152:b3qNhQutcEBo+WXBrCpbo1BL/93e+t2PLlB9wuPdkPD:DqNhQkcN+WRepc1BLl3e+t2PRB9JPK

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      b2b41e189857edfb1006c1ccfce2aba1ee97b841f6aa954cb4f44a538d48d133N

    • Size

      2.7MB

    • MD5

      fd4d83b539cda4ea532a32d30cdb3810

    • SHA1

      07a76c5589a3c9a14df35ed2f62737ce68f38f98

    • SHA256

      b2b41e189857edfb1006c1ccfce2aba1ee97b841f6aa954cb4f44a538d48d133

    • SHA512

      509cb982e59adb8f2af58be75652625e732f6cf4174920e7dcfdeb5fac4cb306f75e96e7e3a7e975e46fc6b04984dd0f8158e80007834993ad736e64251dc33b

    • SSDEEP

      49152:b3qNhQutcEBo+WXBrCpbo1BL/93e+t2PLlB9wuPdkPD:DqNhQkcN+WRepc1BLl3e+t2PRB9JPK

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks