General

  • Target

    3925b0a5c95fff1cb1a6ffd4eea180c03503ca6eb6456a6f4829529e6d280e39

  • Size

    2.8MB

  • Sample

    240923-fpgksswfre

  • MD5

    1169bb2b1aa99568c469196a2294d2fe

  • SHA1

    ba19242f350e26f63a13e253af88302393179e0b

  • SHA256

    3925b0a5c95fff1cb1a6ffd4eea180c03503ca6eb6456a6f4829529e6d280e39

  • SHA512

    363e81c74e022cca8905953f87833044007f239f3c628bfcb9983db779866efc7a62d3a300af93be483e8719a98ffbdd350d480c5efcf89d7a9575a05eb46cae

  • SSDEEP

    49152:bnxCMZwRLeNaNhfI4dek+w7K/fGTWnImE:bncMSleNaNhQ4d3XcGTWImE

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php
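The config above gives the C2 host and the gate path as separate attributes. The following is an added example, not code from the sandbox report or from the Stealc sample, that joins them into a matchable IOC and scans proxy access-log lines for contact with the gate. The squid-style log format and every log line in it are constructed for the example (the report does not show the sample's actual requests); the matcher also handles an explicit port and a case-variant path, and separates hits on the exact gate from other requests to the same host.

```python
"""Added example (not code from the sandbox report): turn the extracted
Stealc config into IOCs and scan proxy log lines for contact with the C2.

Assumptions: the squid-style access-log format and the log lines below are
constructed for the example; the report only supplies the C2 host
(http://185.215.113.103) and the gate path (/e2b1563c6670f193.php).
"""
from urllib.parse import urlsplit

# Values copied from the "Malware Config" section of the report.
STEALC_CONFIG = {
    "family": "stealc",
    "botnet": "rave",
    "c2": "http://185.215.113.103",
    "url_path": "/e2b1563c6670f193.php",
}


def build_iocs(cfg):
    """Normalise the config into a full gate URL, bare host and path."""
    parts = urlsplit(cfg["c2"])
    host = parts.hostname  # strips any port and lower-cases the host
    return {
        "gate_url": f"{parts.scheme}://{host}{cfg['url_path']}",
        "host": host,
        "path": cfg["url_path"].lower(),
    }


# Constructed squid-style access-log lines (not real traffic):
# timestamp elapsed client status bytes method url ident hierarchy type
SAMPLE_PROXY_LOG = """\
1727075201.104 312 10.0.0.15 TCP_MISS/200 1543 POST http://185.215.113.103/e2b1563c6670f193.php - HIER_DIRECT/185.215.113.103 text/html
1727075203.551 88 10.0.0.15 TCP_MISS/200 2231 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1727075210.002 201 10.0.0.22 TCP_MISS/200 1021 POST http://185.215.113.103:80/E2B1563C6670F193.PHP - HIER_DIRECT/185.215.113.103 text/html
1727075212.777 140 10.0.0.22 TCP_MISS/200 4410 GET http://185.215.113.103/other.php - HIER_DIRECT/185.215.113.103 text/html
"""


def match_c2(log_text, iocs):
    """Return (client, method, url, reason) for every line touching the C2.

    reason is "gate" when the request path is the extracted gate (compared
    case-insensitively, with any explicit port on the host ignored) and
    "host-only" when the same host is contacted on some other path.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        # Client, method and URL are the 3rd, 6th and 7th fields.
        client, method, url = fields[2], fields[5], fields[6]
        parts = urlsplit(url)
        if parts.hostname != iocs["host"]:
            continue
        reason = "gate" if parts.path.lower() == iocs["path"] else "host-only"
        hits.append((client, method, url, reason))
    return hits


if __name__ == "__main__":
    iocs = build_iocs(STEALC_CONFIG)
    print("gate URL:", iocs["gate_url"])
    for hit in match_c2(SAMPLE_PROXY_LOG, iocs):
        print(*hit)
```

The "host-only" class is kept separate on purpose: a hit on the exact gate path is strong evidence of the configured beacon, while other traffic to 185.215.113.103 is worth triage but may belong to a different panel or payload on the same host.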

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events, so an attached debugger no longer sees exceptions or breakpoints raised in it.
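The four signatures above are what a sandbox operator or detection engineer would want to recognise in their own telemetry. The following is an added example, not the sandbox's own signature logic, that classifies API-trace records against those behaviours. The registry paths it looks for are the well-known locations these checks read (VirtualBox ACPI table IDs under HKLM\HARDWARE\ACPI, the BIOS strings under HKLM\HARDWARE\DESCRIPTION\System, and the Wine keys under Software\Wine); the report names the behaviours but not the keys, so the exact paths are assumptions, and the trace records are constructed for the example.

```python
"""Added example (not the sandbox's own signature logic): flag the
anti-analysis behaviours listed in the report in an API/registry trace.

The registry paths are the well-known locations these checks read
(VirtualBox ACPI table IDs, BIOS strings, Wine keys); the report names the
behaviours but not the keys, so the exact paths are assumptions. The trace
records are constructed for the example.
"""
import re

# THREADINFOCLASS value for ThreadHideFromDebugger in ntdll.
THREAD_HIDE_FROM_DEBUGGER = 0x11

HIDE_FROM_DEBUGGER_SIG = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# (signature name from the report, pattern over the short-hive registry path)
REGISTRY_SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
                r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I)),
    ("Identifies Wine through registry keys",
     re.compile(r"^HK(LM|CU)\\Software\\Wine(\\|$)", re.I)),
]

HIVE_ALIASES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def normalise_path(path):
    """Rewrite a long hive name (HKEY_LOCAL_MACHINE\\...) to its short form."""
    for long_name, short in HIVE_ALIASES.items():
        if path.upper().startswith(long_name):
            return short + path[len(long_name):]
    return path


def classify(trace):
    """Map each report signature to the trace records that triggered it."""
    hits = {}
    for rec in trace:
        api = rec.get("api", "")
        if api.startswith("Reg") and "path" in rec:
            path = normalise_path(rec["path"])
            for name, rx in REGISTRY_SIGNATURES:
                if rx.search(path):
                    hits.setdefault(name, []).append(rec)
        elif (api == "NtSetInformationThread"
              and rec.get("info_class") == THREAD_HIDE_FROM_DEBUGGER):
            hits.setdefault(HIDE_FROM_DEBUGGER_SIG, []).append(rec)
    return hits


# Constructed trace records in the shape a Procmon/API-monitor export might
# give; the last two rows are benign controls that must not match.
SAMPLE_TRACE = [
    {"api": "RegOpenKeyExW", "path": r"HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__"},
    {"api": "RegQueryValueExW", "path": r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"api": "RegQueryValueExW", "path": r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion"},
    {"api": "RegOpenKeyExW", "path": r"HKEY_CURRENT_USER\Software\Wine"},
    {"api": "NtSetInformationThread", "info_class": THREAD_HIDE_FROM_DEBUGGER},
    {"api": "RegOpenKeyExW", "path": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"api": "NtSetInformationThread", "info_class": 0x02},  # ThreadPriority
]


if __name__ == "__main__":
    for name, recs in classify(SAMPLE_TRACE).items():
        print(f"{name}: {len(recs)} record(s)")
```

Reading these keys is not malicious by itself (hardware inventory tools do it too); the value of the signatures is the combination: VirtualBox, BIOS and Wine checks together with a ThreadHideFromDebugger call in the same process is the pattern of a sample deciding whether it is being analysed.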
