Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.7MB

  • Sample

    241012-3fzfksxcqa

  • MD5

    cfdd8a903441555e23417125bccc4e60

  • SHA1

    5ee09d72d09a587d1399d651d5e2d3e199899ae3

  • SHA256

    51104c217fb4ac57c1ef1071eaf80c801e17a2ca4c1b83a31d2d7a43b5f22671

  • SHA512

    2f05454ec5fdccc149959a39fba755223998a6c23828cef3fb893f70ceaed253d6ebee511356aeb315a73d77e839aef3bddde0e4fe6736be952adedd945aa853

  • SSDEEP

    24576:lKs9OT6FhNwzGxqIhUcoevXJ7/bJDq74o83qbwY+l7CicoU4k3UxICaS6:lbY6PCjzc5h9mE9aZ+leiVLmUxICaS

Score
10/10
stealcdomadiscoveryevasionstealer

Malware Config

Extracted

Family

stealc

Botnet

doma

C2

http://185.215.113.37

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      file.exe

    • Size

      1.7MB

    • MD5

      cfdd8a903441555e23417125bccc4e60

    • SHA1

      5ee09d72d09a587d1399d651d5e2d3e199899ae3

    • SHA256

      51104c217fb4ac57c1ef1071eaf80c801e17a2ca4c1b83a31d2d7a43b5f22671

    • SHA512

      2f05454ec5fdccc149959a39fba755223998a6c23828cef3fb893f70ceaed253d6ebee511356aeb315a73d77e839aef3bddde0e4fe6736be952adedd945aa853

    • SSDEEP

      24576:lKs9OT6FhNwzGxqIhUcoevXJ7/bJDq74o83qbwY+l7CicoU4k3UxICaS6:lbY6PCjzc5h9mE9aZ+leiVLmUxICaS

    Score
    10/10
    stealcdomadiscoveryevasionstealer

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks