General

  • Target

    a1e047c2ff956afac4c3369d91551d48dde27369c23d955234788458c01433caN

  • Size

    2.6MB

  • Sample

    240923-essa2awbjh

  • MD5

    6473d88252dbc3527236ee368986c7e0

  • SHA1

    1f574a4923d9048a49aa284a4c103b95ee1aa4fe

  • SHA256

    a1e047c2ff956afac4c3369d91551d48dde27369c23d955234788458c01433ca

  • SHA512

    fbbe71260f39f305023861b79c18de2c72f7eb67737080b17bfd05554628749888537307dbe8be6df92a9974f327b03b641be614bfee33f63e96321f883075f6

  • SSDEEP

    49152:76MKZD8x8gOdUVC+XQigB+Yj+gwcSSN8qxaGg1Yb:X9GrUVC+XQtBNxVgib

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      a1e047c2ff956afac4c3369d91551d48dde27369c23d955234788458c01433caN

    • Size

      2.6MB

    • MD5

      6473d88252dbc3527236ee368986c7e0

    • SHA1

      1f574a4923d9048a49aa284a4c103b95ee1aa4fe

    • SHA256

      a1e047c2ff956afac4c3369d91551d48dde27369c23d955234788458c01433ca

    • SHA512

      fbbe71260f39f305023861b79c18de2c72f7eb67737080b17bfd05554628749888537307dbe8be6df92a9974f327b03b641be614bfee33f63e96321f883075f6

    • SSDEEP

      49152:76MKZD8x8gOdUVC+XQigB+Yj+gwcSSN8qxaGg1Yb:X9GrUVC+XQtBNxVgib

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks