General

  • Target

    c3103372ac7ad8602127c08408e6c0fb2340f3ac1a3fa6b34b542771569bcac2

  • Size

    2.8MB

  • Sample

    240923-ftvm8awhje

  • MD5

    710f2b963fc657162123f36c08adeaa1

  • SHA1

    a582ff545fbfb9430866bd5d72a869c243fe5a8a

  • SHA256

    c3103372ac7ad8602127c08408e6c0fb2340f3ac1a3fa6b34b542771569bcac2

  • SHA512

    87b92e817b36f8608db726b481db01bf3ba9d22a62207df66d1376555c0cd835602778b879fc753e25f1fb14e226aa2fe1abb10217b96c6fc60da78a89a6dbf7

  • SSDEEP

    49152:d7g1a7Z71tFC16FNzxWS/5S+YmG7LUR9pQbWb/:d7g1a7Z71tFC16FNoSRm7IWb

Malware Config

Extracted

  • Family

    stealc

  • Botnet

    rave

  • C2

    http://185.215.113.103

  • Attributes

    url_path: /e2b1563c6670f193.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15