General

  • Target

    66c42102f52f5603a80f093bc8e328ba81aea31d2db414a80947736f68dd3d65.exe

  • Size

    1.7MB

  • Sample

    241003-byqslsxfnk

  • MD5

    a3353614cad88624dbedc88966d5bcdd

  • SHA1

    e14baf1143209efbeda79a5ad406da88138b9edf

  • SHA256

    66c42102f52f5603a80f093bc8e328ba81aea31d2db414a80947736f68dd3d65

  • SHA512

    82b0c13314250625b2d1f3d9ae946cff774b42dc85f3b0b064fd2d00c4e70fee9226519e2542f3b11b38265ce64f04746a3859cb097d76da5ac39d0e294b6a0a

  • SSDEEP

    49152:olO26MxC0iYWqSZBl+iuAZ+wVROkk7ZK:oSn0iY/SRT+wvZaZ

Malware Config

Extracted

Family

stealc

Botnet

doma

C2

http://185.215.113.37

Attributes

  • url_path

    /e2b1563c6670f193.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks