General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    241002-wrfpaazcpl

  • MD5

    0cc0dde30340df0d15b6303992299609

  • SHA1

    046d9df9f62b9931dc762f8c6d80a63497341b82

  • SHA256

    9f768bfae787aeed4ca09a7f95ea6d503338f8f1ed021fd9267e8c5c2560da56

  • SHA512

    d977c031e3c5f11485344a86532196569ef5dcafd20e0f1c8fd87c743ee14cd4a4a7b35d6e747ffcf344c99f5a9d09158ea3222a03d9d7c49415cc57db71787f

  • SSDEEP

    24576:cTbqtyUU5NxasZl6JNCtc31xCrY3huWYpTwaXUlYU4mU6KN58/9nRIM0Uycajbmc:mqcx91UxP37eJUlpKe9nRHzIjbmtR8

Malware Config

Extracted

Family

stealc

Botnet

doma

C2

http://185.215.113.37

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks