General

  • Target

    file.exe

  • Size

    1.7MB

  • Sample

    241001-jjnzgasclh

  • MD5

    5eb82808e74fc77120a8112f65825f29

  • SHA1

    0b4a0d01260e24dc0ee8102e90b18a789eb4d4d0

  • SHA256

    ce98925133b7b1d5977a70f6f6fa9baec6148c30b549292ea825e8c4d431cc87

  • SHA512

    b026f1824880aeeb80a42c31c1a9cfbc24ffc95a8ed22b5b658fceb5ba1be804e21549bd5bd10489613492141b720f04b9ea4870e82ef9604b043b4af9adcb40

  • SSDEEP

    24576:rV14f7HskN+1hXhNTxxZPIUTVKF47EhYYeHi+cV1UraamH2YVRYqu0i:rL4f7MkN+/xNTF1+dOi+sUuaq2fy

Malware Config

Extracted

Family

stealc

Botnet

doma

C2

http://185.215.113.37

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      file.exe

    • Size

      1.7MB

    • MD5

      5eb82808e74fc77120a8112f65825f29

    • SHA1

      0b4a0d01260e24dc0ee8102e90b18a789eb4d4d0

    • SHA256

      ce98925133b7b1d5977a70f6f6fa9baec6148c30b549292ea825e8c4d431cc87

    • SHA512

      b026f1824880aeeb80a42c31c1a9cfbc24ffc95a8ed22b5b658fceb5ba1be804e21549bd5bd10489613492141b720f04b9ea4870e82ef9604b043b4af9adcb40

    • SSDEEP

      24576:rV14f7HskN+1hXhNTxxZPIUTVKF47EhYYeHi+cV1UraamH2YVRYqu0i:rL4f7MkN+/xNTF1+dOi+sUuaq2fy

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks