General

  • Target

    1acc37406e4e59e0d66c8f3194807d37e59df518acc93f5703a53cd74f678f1b.exe

  • Size

    1.8MB

  • Sample

    241003-bh58cszgjh

  • MD5

    561a29f2c41dc3c2eca4a3e1b3ee1ff3

  • SHA1

    6511e605814470a3c1264785125bc03010da81e3

  • SHA256

    1acc37406e4e59e0d66c8f3194807d37e59df518acc93f5703a53cd74f678f1b

  • SHA512

    617f0e5efb9aa7830b4c6d6a02d107476815626f22287d3094613ed2d4a95ecf6a2fb694e8a604bac3582d334f453796ba2437def296bb5d10cdb769dc562b73

  • SSDEEP

    49152:kudj5CZvkjK/k/WVKeQKVok5R1p+Ex8P9a3ELra:kDZvkjkKeQKVokNp+q8VA

Malware Config

Extracted

Family

stealc

Botnet

doma

C2

http://185.215.113.37

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      1acc37406e4e59e0d66c8f3194807d37e59df518acc93f5703a53cd74f678f1b.exe

    • Size

      1.8MB

    • MD5

      561a29f2c41dc3c2eca4a3e1b3ee1ff3

    • SHA1

      6511e605814470a3c1264785125bc03010da81e3

    • SHA256

      1acc37406e4e59e0d66c8f3194807d37e59df518acc93f5703a53cd74f678f1b

    • SHA512

      617f0e5efb9aa7830b4c6d6a02d107476815626f22287d3094613ed2d4a95ecf6a2fb694e8a604bac3582d334f453796ba2437def296bb5d10cdb769dc562b73

    • SSDEEP

      49152:kudj5CZvkjK/k/WVKeQKVok5R1p+Ex8P9a3ELra:kDZvkjkKeQKVokNp+q8VA

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks