General

  • Target

    random.exe

  • Size

    1.8MB

  • Sample

    241001-fj83vswapc

  • MD5

    e12dff26d257800a0f411dda1fdb521f

  • SHA1

    ed660b5a175dce979ca5e77f13d2e89b2c8aaadc

  • SHA256

    e082f507be5674e4813a6f32759c2551bfedea8e298082cab225b787b6e89d60

  • SHA512

    4771f88f9f2a7fa1a165866c1782564d141d8030ff3110cc5d002f8d0ddf2a5e85d66eabca99d10383cff02e0e4b465b9f896d89b27b2e3e6a767cb1d897728b

  • SSDEEP

    24576:RkRhl9USnloGAklNG66X57K/zlRvKxh6k3aVa12FDhvH55NQ7DrG3Mp5C2GS2:SbKGBnGpNcbchsIg5hvZ5NEi8p5+

Malware Config

Extracted

  • Family

    stealc

  • Botnet

    doma

  • C2

    http://185.215.113.37

  • Attributes

    url_path: /e2b1563c6670f193.php

Targets

    • Target

      random.exe

    • Size

      1.8MB

    • MD5

      e12dff26d257800a0f411dda1fdb521f

    • SHA1

      ed660b5a175dce979ca5e77f13d2e89b2c8aaadc

    • SHA256

      e082f507be5674e4813a6f32759c2551bfedea8e298082cab225b787b6e89d60

    • SHA512

      4771f88f9f2a7fa1a165866c1782564d141d8030ff3110cc5d002f8d0ddf2a5e85d66eabca99d10383cff02e0e4b465b9f896d89b27b2e3e6a767cb1d897728b

    • SSDEEP

      24576:RkRhl9USnloGAklNG66X57K/zlRvKxh6k3aVa12FDhvH55NQ7DrG3Mp5C2GS2:SbKGBnGpNcbchsIg5hvZ5NEi8p5+

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks