General

  • Target

    d471a5d2779134bc136114e9d1b3ae646253790e7f61f8a7f7493b5373c92471.exe

  • Size

    1.8MB

  • Sample

    241016-gbx63avfmd

  • MD5

    1a620c32bb500e477b34d9259df8687c

  • SHA1

    e008e2e65f786b46240fabde3bd24f18d0bb1dad

  • SHA256

    d471a5d2779134bc136114e9d1b3ae646253790e7f61f8a7f7493b5373c92471

  • SHA512

    db680b5160dc661accc58ea37da304faae33832d94c3879b445511dde14c804942c490237dc30a477b89fd64c2af8ea41c3f0307eaaaa5a76f8e7c64b20cc434

  • SSDEEP

    24576:LU+IShbUR/FXYAMMiNj7+WFLXoPLEwnoEUb2DBIwSmArD0SmohTnFI5tC/68:L4RyAif+WyTEi+baBIwSS+ktw68

Malware Config

Extracted

Family

stealc

Botnet

doma

C2

http://185.215.113.37

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      d471a5d2779134bc136114e9d1b3ae646253790e7f61f8a7f7493b5373c92471.exe

    • Size

      1.8MB

    • MD5

      1a620c32bb500e477b34d9259df8687c

    • SHA1

      e008e2e65f786b46240fabde3bd24f18d0bb1dad

    • SHA256

      d471a5d2779134bc136114e9d1b3ae646253790e7f61f8a7f7493b5373c92471

    • SHA512

      db680b5160dc661accc58ea37da304faae33832d94c3879b445511dde14c804942c490237dc30a477b89fd64c2af8ea41c3f0307eaaaa5a76f8e7c64b20cc434

    • SSDEEP

      24576:LU+IShbUR/FXYAMMiNj7+WFLXoPLEwnoEUb2DBIwSmArD0SmohTnFI5tC/68:L4RyAif+WyTEi+baBIwSS+ktw68

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks