General

  • Target

    9f9a3faf3d4f8b3c0c6d3719024c457f34fda2cdc2395d82a2a193aac8daea18.exe

  • Size

    1.8MB

  • Sample

    241001-b1tbhsvblp

  • MD5

    3f50351804845b52e987973a2ac7de60

  • SHA1

    3c88186ad4300707fb440d013c7cbef8b3491449

  • SHA256

    9f9a3faf3d4f8b3c0c6d3719024c457f34fda2cdc2395d82a2a193aac8daea18

  • SHA512

    2f7188270adff3ba16c977f78ceaed2cb6569481a9006b83b86595b9289affa9240490affe0bbcc52acd7461d2e3071e112789a9d4d706ced82f7015d22bccd4

  • SSDEEP

    24576:9fQbNhb2tYqqG5L8SPnIXdKpKNUHX/w43zrsStS9zxixYuZKE5i4VXNRZSNsTF+f:ybNBs5L8SvI0Xo43FwzxmdrVcba5CpJ

Malware Config

Extracted

Family

stealc

Botnet

doma

C2

http://185.215.113.37

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks