General

  • Target

    d58ef8485a877a2990ae42f82545d955281bdd5e07389bb151d86bb013aa241d

  • Size

    2.8MB

  • Sample

    240923-fvbxhawhke

  • MD5

    fc8449d388ec7454449aa271e534b85b

  • SHA1

    1b1d3ea9d15d05f9a41d5899a6782fe44bc5b319

  • SHA256

    d58ef8485a877a2990ae42f82545d955281bdd5e07389bb151d86bb013aa241d

  • SHA512

    a68e9eb29493ea807408a0835daf9caae8e0ce8db6ba314854333291fbb9921f6bdb92311fc584dd1d3cb52f5842e248f2e6fcd15fa150488e7931b4350b29fd

  • SSDEEP

    49152:bnxCMZwRLeNaNhfI4dek+w7K/fGTWnImK:bncMSleNaNhQ4d3XcGTWImK

Malware Config

Extracted

  • Family

    stealc

  • Botnet

    rave

  • C2

    http://185.215.113.103

  • Attributes

    url_path: /e2b1563c6670f193.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks