General

  • Target

    8c02cc9d5b7c298222211f0f5b7c7fb25b0e8b20b81c082064133b885641f11d

  • Size

    2.8MB

  • Sample

    240923-fr516sxbjk

  • MD5

    c13f885a7d8d80f7e2ab6b635b6c7488

  • SHA1

    bc797c91e35bf53107a275138ac19ad36547eadb

  • SHA256

    8c02cc9d5b7c298222211f0f5b7c7fb25b0e8b20b81c082064133b885641f11d

  • SHA512

    01685aa7201acdbd07a987c6c44e9b8a3b2779552bec1fb24ae6790e1610f916629c5a846de58e9fbaa9f774c9cf070efbeba69f85b31d80a5df123a5f351808

  • SSDEEP

    49152:bnxCMZwRLeNaNhfI4dek+w7K/fGTWnImJ:bncMSleNaNhQ4d3XcGTWImJ

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks