General

  • Target

    4ac8ddadd9bbba122aa144ddfd660d8e64260fe13aa37e88c79bc44e5183f08b.exe

  • Size

    1.7MB

  • Sample

    241001-mcec8sybra

  • MD5

    af7d1a15b3db06212a1ad48605f52f63

  • SHA1

    00e375278f05b166b00a8842815a96e013f095a5

  • SHA256

    4ac8ddadd9bbba122aa144ddfd660d8e64260fe13aa37e88c79bc44e5183f08b

  • SHA512

    dad04dd2158ecabd760b4ab19276d3bc78f2424a52ce2aa6e769218d745d7e4fcfce35922772513d5272aebd5cb292460d0e49c0389a787266764f531235e621

  • SSDEEP

    49152:4/aZPw3paa8sgncByUB7ceWVhskHCnuCM6TeYEAwqx6TV:4Fgrc42QRskHquCBejgx6T

Malware Config

Extracted

Family

stealc

Botnet

doma

C2

http://185.215.113.37

Attributes

  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      4ac8ddadd9bbba122aa144ddfd660d8e64260fe13aa37e88c79bc44e5183f08b.exe

    • Size

      1.7MB

    • MD5

      af7d1a15b3db06212a1ad48605f52f63

    • SHA1

      00e375278f05b166b00a8842815a96e013f095a5

    • SHA256

      4ac8ddadd9bbba122aa144ddfd660d8e64260fe13aa37e88c79bc44e5183f08b

    • SHA512

      dad04dd2158ecabd760b4ab19276d3bc78f2424a52ce2aa6e769218d745d7e4fcfce35922772513d5272aebd5cb292460d0e49c0389a787266764f531235e621

    • SSDEEP

      49152:4/aZPw3paa8sgncByUB7ceWVhskHCnuCM6TeYEAwqx6TV:4Fgrc42QRskHquCBejgx6T

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks