General

  • Target

    42b182126de4da3682a1d5c53cc7352b53305085de4f68d9d87b060751a090a7.exe

  • Size

    2.8MB

  • Sample

    240921-bnn62aycnk

  • MD5

    83bb3a5722be86a8de2c8ee8f5475914

  • SHA1

    f63a054ef8088f3f7bd10300480b46735c52a269

  • SHA256

    42b182126de4da3682a1d5c53cc7352b53305085de4f68d9d87b060751a090a7

  • SHA512

    9d26355981b3794b59c72f58b08110a771f6e8622db3603e6974c4cec40a0387585e459d81ef14d9b5e3f56c9561787c2055c1d790c21cd73d763a29eb5528d5

  • SSDEEP

    49152:bnxCMZwRLeNaNhfI4dek+w7K/fGTWnIm5:bncMSleNaNhQ4d3XcGTWIm5

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes

  • url_path

    /e2b1563c6670f193.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks