General

  • Target

    ebb1b01d61c7e3ac4578f7b7193bc2f0a70909195f5f311e2e49f4a9974ca9a8.exe

  • Size

    1.7MB

  • Sample

    241001-jp7c1asepg

  • MD5

    ce91f864c65b0c93bc1c9a36521143f3

  • SHA1

    11fbffa510fbaae9ca46862c1849c52af5fbd5fe

  • SHA256

    ebb1b01d61c7e3ac4578f7b7193bc2f0a70909195f5f311e2e49f4a9974ca9a8

  • SHA512

    94b5411a1712428b0e412fcab9969cf7c3fb1f84754c403b2c833b158df8bee1af8680fa26706184a08a98cbe47c4ca9b6ce9d33693be54c49881b4f17ebed36

  • SSDEEP

    49152:Z0ZwjxTvispNjFUk0d0wGgqg7Q3LrSAsOs1:2ylTF2qtrSA+1

Malware Config

Extracted

Family

stealc

Botnet

doma

C2

http://185.215.113.37

Attributes

  • url_path

    /e2b1563c6670f193.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks