General

  • Target

    38e8f61179f74a4af9a419157f5cba8cfb8c2a82afa409e6c60c0a0d5a143ac5.exe

  • Size

    2.8MB

  • Sample

    240921-bmz7xaycjq

  • MD5

    6d3bad951056981146f8c2cb7bf0e2a3

  • SHA1

    e6816e4957b7a988091d875f78b634f2642e29fd

  • SHA256

    38e8f61179f74a4af9a419157f5cba8cfb8c2a82afa409e6c60c0a0d5a143ac5

  • SHA512

    56b5ce5a9ad77a3aa480b43a2317391a6db184077a63f5b506c73cef791ae9e688b9d6728f2b965745431fad57a35d8b89baf1040acc6e3ce0b512e7b23bfe91

  • SSDEEP

    49152:64UKZ8U7cEsNiKgCbH1kiQLPy9wx+bKgLqxVdkBZ:sKZ8U7cEANgCbH1khLPIwx+egmFkj

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      38e8f61179f74a4af9a419157f5cba8cfb8c2a82afa409e6c60c0a0d5a143ac5.exe
    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks