General

  • Target

    b6a4d5abdbeafa1d9c8ed201b4aafb06ce599872d0dec77ff342886b1a128c8bN

  • Size

    2.7MB

  • Sample

    240923-ehay1awbnn

  • MD5

    e48a2834391828f83a1d0bd2cb9a6ed0

  • SHA1

    2a33e7ae37f756a05eff8b14d1f60b864958d872

  • SHA256

    b6a4d5abdbeafa1d9c8ed201b4aafb06ce599872d0dec77ff342886b1a128c8b

  • SHA512

    c1aa6a0e570663a85f3f87871bb9a47fb9bf0340e17c36983d1a8ca56304a0575526822846df3239dd96c3291f00bf39645836c575b806b00b05260318887fec

  • SSDEEP

    49152:uzoXarYgSetfAPGLqVBDmebLh05BN19sQPGQ7:qO0XSetfAPGLqVBDmeHh0PBGW

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      b6a4d5abdbeafa1d9c8ed201b4aafb06ce599872d0dec77ff342886b1a128c8bN

    • Size

      2.7MB

    • MD5

      e48a2834391828f83a1d0bd2cb9a6ed0

    • SHA1

      2a33e7ae37f756a05eff8b14d1f60b864958d872

    • SHA256

      b6a4d5abdbeafa1d9c8ed201b4aafb06ce599872d0dec77ff342886b1a128c8b

    • SHA512

      c1aa6a0e570663a85f3f87871bb9a47fb9bf0340e17c36983d1a8ca56304a0575526822846df3239dd96c3291f00bf39645836c575b806b00b05260318887fec

    • SSDEEP

      49152:uzoXarYgSetfAPGLqVBDmebLh05BN19sQPGQ7:qO0XSetfAPGLqVBDmeHh0PBGW

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks