General

  • Target

    218393d1bf0a55d3e3d5268849205e17d26ebc75e12e21fc244b892c1edaf91e

  • Size

    2.8MB

  • Sample

    240923-fny4fswfqb

  • MD5

    41886b664dfcbdbb2df7a1789f44abf5

  • SHA1

    4d02876fe1ee93e75f57c83539825fc1bfd48370

  • SHA256

    218393d1bf0a55d3e3d5268849205e17d26ebc75e12e21fc244b892c1edaf91e

  • SHA512

    ee71ec5a901e29bc9f0d72cc528fa4334b37297c68d0e39565ae3cd69fc6c4cb8eb072c421700d9d13db8efc70685566a6451445f7b520afe70ca434af3672d3

  • SSDEEP

    49152:d7g1a7Z71tFC16FNzxWS/5S+YmG7LUR9pQbWb/K:d7g1a7Z71tFC16FNoSRm7IWbt

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      218393d1bf0a55d3e3d5268849205e17d26ebc75e12e21fc244b892c1edaf91e

    • Size

      2.8MB

    • MD5

      41886b664dfcbdbb2df7a1789f44abf5

    • SHA1

      4d02876fe1ee93e75f57c83539825fc1bfd48370

    • SHA256

      218393d1bf0a55d3e3d5268849205e17d26ebc75e12e21fc244b892c1edaf91e

    • SHA512

      ee71ec5a901e29bc9f0d72cc528fa4334b37297c68d0e39565ae3cd69fc6c4cb8eb072c421700d9d13db8efc70685566a6451445f7b520afe70ca434af3672d3

    • SSDEEP

      49152:d7g1a7Z71tFC16FNzxWS/5S+YmG7LUR9pQbWb/K:d7g1a7Z71tFC16FNoSRm7IWbt

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks