General

  • Target

    d24e4dc40f6bf9387d4c2fe5fe72bffedb244ba67e4386a7eaf7d25db4e3340b.exe

  • Size

    1.8MB

  • Sample

    241001-b6v3asvdmn

  • MD5

    b92f60a126c6e055a86cf6145cfccfc3

  • SHA1

    4878b0dae9c643b93271c13e4b941ec8ea1cfa7c

  • SHA256

    d24e4dc40f6bf9387d4c2fe5fe72bffedb244ba67e4386a7eaf7d25db4e3340b

  • SHA512

    0545bb5dd16adf67077ba0d49b90813f76a9a070538608701e2da440355221b1efd90cd06f82cb98840f6c75acf9b249d817fdf903f919e3ce176a09badcbe03

  • SSDEEP

    49152:UI5CYjYQI+EQrY+MzBqyA1Yz1OcgWif/D3ZOpRgr:UkkT+wzBq2hW/YpRgr

Malware Config

Extracted

  • Family

    stealc

  • Botnet

    doma

  • C2

    http://185.215.113.37

  • Attributes

    url_path: /e2b1563c6670f193.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15