General

  • Target

    019acbd372d8e2b1d0410a9d3ac95e4c3010cb9affa8f5b5ce1cbb1d0aea0e2b

  • Size

    2.8MB

  • Sample

    240923-fm1kwswfmh

  • MD5

    97d3bfcdd6c394ed7915664e24787559

  • SHA1

    fe8b289860a804599d784326afebad103150399d

  • SHA256

    019acbd372d8e2b1d0410a9d3ac95e4c3010cb9affa8f5b5ce1cbb1d0aea0e2b

  • SHA512

    d70db2b0d157ecc42210b3cd2f97e5ff43ebba0c5e61d3ee29398a47d3dd598300592b19c676f0361e70f5892813037bde73c96af34e8374077321b66eb1fb01

  • SSDEEP

    49152:bnxCMZwRLeNaNhfI4dek+w7K/fGTWnImK:bncMSleNaNhQ4d3XcGTWImK

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks