General

  • Target

    cb015b3bf5b736d9c39e13e240de4e69e4f2fbccef96c439adbdd912518e8876

  • Size

    2.8MB

  • Sample

    240923-ft7yjswhkd

  • MD5

    b6486d5d75d36f8294ee6af81617df36

  • SHA1

    2171e30f89542f95738904e1de24df6725d61481

  • SHA256

    cb015b3bf5b736d9c39e13e240de4e69e4f2fbccef96c439adbdd912518e8876

  • SHA512

    18eba71f3676ca5877a150dbd34cde5a2f1a70a93b95923d7aa6feeeb3cb961b358a758f6d443496ca682fadec1879b09511f6b948728a31b228e4007e8901b6

  • SSDEEP

    49152:bnxCMZwRLeNaNhfI4dek+w7K/fGTWnImC:bncMSleNaNhQ4d3XcGTWImC

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php
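The extracted C2 host and url_path attribute combine into the gate URL the sample beacons to. The following added example (not part of the sandbox report or of Stealc itself) builds that indicator from the config above and matches it against constructed proxy-log lines; the log format and the client IPs are assumptions, the host, path and botnet tag are the values from this report.

```python
"""Build the Stealc C2 indicator from the extracted config and match it
against proxy-log lines. The config values come from the report; the log
lines below are constructed for the example."""
import re
from urllib.parse import urlsplit

# Values taken from the Malware Config section of the report.
STEALC_CONFIG = {
    "family": "stealc",
    "botnet": "rave",
    "c2": "http://185.215.113.103",
    "url_path": "/e2b1563c6670f193.php",
}


def c2_url(cfg: dict) -> str:
    """Join the C2 base and the url_path attribute into the full gate URL."""
    return cfg["c2"].rstrip("/") + "/" + cfg["url_path"].lstrip("/")


def c2_matcher(cfg: dict):
    """Return a predicate flagging URLs whose host and path equal the gate.

    The gate is reached by bare IP and a fixed PHP path, so scheme, port and
    query string are ignored: a GET with a query string is still a hit."""
    want = urlsplit(c2_url(cfg))

    def match(url: str) -> bool:
        u = urlsplit(url)
        return u.hostname == want.hostname and u.path == want.path

    return match


# Constructed proxy-log lines (assumed format): ts client method url status
SAMPLE_LOG = """\
2024-09-23T10:01:02Z 10.0.0.5 POST http://185.215.113.103/e2b1563c6670f193.php 200
2024-09-23T10:01:09Z 10.0.0.5 GET http://185.215.113.103/e2b1563c6670f193.php?x=1 200
2024-09-23T10:02:15Z 10.0.0.7 GET http://185.215.113.103/index.html 404
2024-09-23T10:03:44Z 10.0.0.9 GET http://example.org/e2b1563c6670f193.php 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def find_c2_hits(log_text: str, cfg: dict = STEALC_CONFIG) -> list:
    """Return (timestamp, client_ip, method) for each line that hit the gate."""
    match = c2_matcher(cfg)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        ts, client, method, url, _status = m.groups()
        if match(url):
            hits.append((ts, client, method))
    return hits


if __name__ == "__main__":
    print("C2 gate:", c2_url(STEALC_CONFIG))
    for hit in find_c2_hits(SAMPLE_LOG):
        print("hit:", *hit)
```

Matching on host and path rather than on the full URL string is deliberate: the same path on another host (last log line) is not this C2, and a query string appended to the gate URL must not let the beacon slip past.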

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose ACPI tables under HKLM\HARDWARE\ACPI whose names (for example VBOX__) reveal the hypervisor.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops an attached debugger from receiving events for that thread, a common anti-debugging technique.
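The four behavioural signatures above (VirtualBox ACPI keys, BIOS values, Wine keys, ThreadHideFromDebugger) are all observable in an API trace. The following added example (not part of the report or of any sandbox's own rules) maps trace lines to those signature categories; the trace line format and PIDs are constructed, and the registry paths are the well-known ones these categories check (the report names the categories, not the exact keys).

```python
"""Flag the anti-VM / anti-debug behaviour named in the report from an API
trace. The trace lines are constructed; the registry paths are the usual
ones checked for each signature category (assumed, not from the report)."""
import re
from collections import defaultdict

# Signature label -> registry paths that trip it.
SIGNATURES = {
    "vbox_acpi": {
        r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
        r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
        r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
    },
    "bios_info": {
        r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
        r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosDate",
        r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    },
    "wine": {
        r"HKCU\Software\Wine",
        r"HKLM\Software\Wine",
    },
}
THREAD_HIDE_FROM_DEBUGGER = 0x11  # ThreadInformationClass for NtSetInformationThread

REGISTRY_APIS = {"RegOpenKeyExW", "RegOpenKeyExA", "RegQueryValueExW",
                 "RegQueryValueExA", "NtOpenKey", "NtQueryValueKey"}
# Constructed trace format: "<pid> <api> <argument text>"
TRACE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s+(?P<arg>.*)$")
CLASS_RE = re.compile(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)")

# Case-insensitive lookup of registry path -> label, trailing backslash ignored.
_LOOKUP = {p.lower().rstrip("\\"): label
           for label, paths in SIGNATURES.items() for p in paths}


def _parse_class(text: str) -> int:
    return int(text, 16) if text.lower().startswith("0x") else int(text)


def classify_call(api: str, arg: str):
    """Map one API call to a signature label, or None if it is not of interest."""
    if api in REGISTRY_APIS:
        return _LOOKUP.get(arg.lower().rstrip("\\"))
    if api == "NtSetInformationThread":
        m = CLASS_RE.search(arg)
        if m and _parse_class(m.group(1)) == THREAD_HIDE_FROM_DEBUGGER:
            return "hide_from_debugger"
    return None


def scan_trace(trace_text: str) -> dict:
    """Return {pid: sorted labels} for every process that tripped a signature."""
    hits = defaultdict(set)
    for line in trace_text.splitlines():
        m = TRACE_RE.match(line)
        if not m:
            continue  # tolerate malformed lines
        label = classify_call(m["api"], m["arg"])
        if label:
            hits[int(m["pid"])].add(label)
    return {pid: sorted(labels) for pid, labels in hits.items()}


# Constructed trace: pid 1234 behaves like the sample, pid 5678 is benign.
SAMPLE_TRACE = r"""
1234 RegOpenKeyExW HKLM\HARDWARE\ACPI\DSDT\VBOX__
1234 RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
1234 RegOpenKeyExW HKCU\Software\Wine
1234 NtSetInformationThread ThreadInformationClass=0x11
1234 NtSetInformationThread ThreadInformationClass=0x2
5678 RegOpenKeyExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run
5678 RegQueryValueExW HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
"""

if __name__ == "__main__":
    for pid, labels in scan_trace(SAMPLE_TRACE).items():
        print(pid, ", ".join(labels))
```

Only the 0x11 information class is flagged: NtSetInformationThread is also used legitimately (priority, affinity), so matching on the API name alone would drown the signal in benign calls.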

MITRE ATT&CK Enterprise v15

Tasks