General

  • Target

    7e50a96ea2ff110bb9357c76b1a7f4e85234cc43a25be88303623f4f361d59cf.exe

  • Size

    2.8MB

  • Sample

    240921-btx15ayfjl

  • MD5

    2a220dc7498ce83963e3ee1826364a0c

  • SHA1

    16915ad517a984b0b600145f790cebd2dc5ac93f

  • SHA256

    7e50a96ea2ff110bb9357c76b1a7f4e85234cc43a25be88303623f4f361d59cf

  • SHA512

    0923a540947335a10e87f62954633acb6e0bd57f4b634e9af2f8ad093cca1efdbdc8db09aa5078ee981b81d8ce6033e73fa0e509f25d50037e1072cf3cd8a3fd

  • SSDEEP

    49152:asq/DgZ1kJ1QwXJZ0Xc/8TBgxKJ0Ux2gQqRm2aR:a5/DgZ1kJGwZ7/8aO2gFaR

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      7e50a96ea2ff110bb9357c76b1a7f4e85234cc43a25be88303623f4f361d59cf.exe

    • Size

      2.8MB

    • MD5

      2a220dc7498ce83963e3ee1826364a0c

    • SHA1

      16915ad517a984b0b600145f790cebd2dc5ac93f

    • SHA256

      7e50a96ea2ff110bb9357c76b1a7f4e85234cc43a25be88303623f4f361d59cf

    • SHA512

      0923a540947335a10e87f62954633acb6e0bd57f4b634e9af2f8ad093cca1efdbdc8db09aa5078ee981b81d8ce6033e73fa0e509f25d50037e1072cf3cd8a3fd

    • SSDEEP

      49152:asq/DgZ1kJ1QwXJZ0Xc/8TBgxKJ0Ux2gQqRm2aR:a5/DgZ1kJGwZ7/8aO2gFaR

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks