General

  • Target

    file.exe

  • Size

    2.1MB

  • Sample

    241027-zydp2ssdrg

  • MD5

    89fe288ad46d83c88f21e53434582e9d

  • SHA1

    3c40087afe459adc189df369b41f9f4ce68b4317

  • SHA256

    2b5485e8c671f5ef74c711f373d62ecd309311bccba6354919dcd1b28fb2e2ec

  • SHA512

    2950eca6dfcf03751fc77fafc036c0b2b9e8fc55d40eff5a150722dd8cec5e80d6dd15a37042bd38a79d55eb92b9f8e472761671b75dcd58ed4d2ee6740ef533

  • SSDEEP

    49152:puBHM3mSI84QA66kNvKnoyW6RdSwkHKL1wt/b36FrbecG/s4ldf5:cBM3ml/566g3owLg16Yrbvg3x

Malware Config

Extracted

Family

stealc

Botnet

tale

C2

http://185.215.113.206

Attributes
  • url_path

    /6c4adf523b719729.php
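
As an added example (not part of the sandbox report), the extracted C2 and url_path above can be used directly as indicators against web-proxy logs. The log layout ("timestamp host method url status") and the sample lines are constructed for illustration, and the match reasons are my own labels; everything else comes from the Malware Config section.

```python
# Added example, not part of the sandbox report: use the extracted Stealc
# config (C2 and url_path) as indicators against web-proxy log lines.
from dataclasses import dataclass
from urllib.parse import urlsplit

# Values copied from the "Malware Config" section of the report.
C2_URL = "http://185.215.113.206"
URL_PATH = "/6c4adf523b719729.php"

# Constructed proxy log in a made-up "timestamp host method url status"
# layout; these lines are illustrative, not captured traffic.
SAMPLE_PROXY_LOG = """\
2024-10-27T12:00:01Z ws01 GET http://example.com/index.html 200
2024-10-27T12:00:05Z ws01 POST http://185.215.113.206/6c4adf523b719729.php 200
2024-10-27T12:00:09Z ws02 GET http://185.215.113.206/ 404
2024-10-27T12:00:12Z ws03 POST http://185.215.113.206:8080/6c4adf523b719729.php 200
2024-10-27T12:00:15Z ws04 GET http://other.example/6c4adf523b719729.php 200
"""


@dataclass
class Hit:
    host: str
    url: str
    reason: str


def classify(url: str):
    """Return why a URL matches the extracted config, or None."""
    parts = urlsplit(url)
    c2 = urlsplit(C2_URL)
    host_match = parts.hostname == c2.hostname   # port ignored deliberately
    path_match = parts.path == URL_PATH
    if host_match and path_match:
        return "C2 host and url_path"
    if host_match:
        return "C2 host"
    if path_match:
        # same gate script on a different host: lower confidence, still worth a look
        return "url_path on another host"
    return None


def scan(log_text: str):
    """Apply classify() to every well-formed line and collect the hits."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue          # skip blank or truncated lines
        _ts, host, _method, url, _status = fields[:5]
        reason = classify(url)
        if reason is not None:
            hits.append(Hit(host, url, reason))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_PROXY_LOG):
        print(f"{hit.host}: {hit.reason}: {hit.url}")
```

Matching on the hostname rather than the full URL string catches the same C2 on a non-default port, and flagging the url_path on other hosts gives a cheap way to spot a C2 rotation that keeps the same gate script.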

Targets

    • Target

      file.exe

    • Size

      2.1MB

    • MD5

      89fe288ad46d83c88f21e53434582e9d

    • SHA1

      3c40087afe459adc189df369b41f9f4ce68b4317

    • SHA256

      2b5485e8c671f5ef74c711f373d62ecd309311bccba6354919dcd1b28fb2e2ec

    • SHA512

      2950eca6dfcf03751fc77fafc036c0b2b9e8fc55d40eff5a150722dd8cec5e80d6dd15a37042bd38a79d55eb92b9f8e472761671b75dcd58ed4d2ee6740ef533

    • SSDEEP

      49152:puBHM3mSI84QA66kNvKnoyW6RdSwkHKL1wt/b36FrbecG/s4ldf5:cBM3ml/566g3owLg16Yrbvg3x

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread with the ThreadHideFromDebugger information class detaches the calling thread from an attached debugger, a common anti-debugging technique.
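
As an added example (not the sample's code and not part of the report), the three registry-based signatures above can be reproduced so a sandbox owner can check whether an analysis VM exposes the same artifacts. The report does not say which keys this sample reads; the VirtualBox ACPI table keys, BIOS description values, Wine keys and vendor strings below are the ones commonly used by anti-VM code and are an assumption. The registry snapshot in SAMPLE_VBOX_GUEST is constructed, and the live read only happens on Windows.

```python
# Added example, not from the report: emulate the registry lookups behind the
# "VirtualBox via ACPI", "BIOS information" and "Wine" signatures. Which keys
# this particular sample reads is not stated in the report; these are the
# commonly checked ones (assumption).
import sys

HKLM = "HKEY_LOCAL_MACHINE"
HKCU = "HKEY_CURRENT_USER"

# (hive, key, indicator label): the key merely existing is the indicator
KEY_CHECKS = [
    (HKLM, r"HARDWARE\ACPI\DSDT\VBOX__", "VirtualBox ACPI DSDT table"),
    (HKLM, r"HARDWARE\ACPI\FADT\VBOX__", "VirtualBox ACPI FADT table"),
    (HKLM, r"HARDWARE\ACPI\RSDT\VBOX__", "VirtualBox ACPI RSDT table"),
    (HKCU, r"Software\Wine", "Wine user key"),
    (HKLM, r"Software\Wine", "Wine machine key"),
]

# (hive, key, value name): BIOS strings whose content is searched for VM vendors
BIOS_VALUES = [
    (HKLM, r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    (HKLM, r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    (HKLM, r"HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    (HKLM, r"HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName"),
]
VM_STRINGS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "BOCHS")


def evaluate(registry):
    """registry maps (hive, key) -> {value name: data}; a key mapped to {}
    counts as present. Returns the list of indicators found, in check order."""
    found = []
    for hive, key, label in KEY_CHECKS:
        if (hive, key) in registry:
            found.append(label)
    for hive, key, valname in BIOS_VALUES:
        data = registry.get((hive, key), {}).get(valname)
        if data is None:
            continue
        # REG_MULTI_SZ comes back as a list; flatten it before matching
        text = " ".join(data) if isinstance(data, (list, tuple)) else str(data)
        for vendor in VM_STRINGS:
            if vendor in text.upper():
                found.append(f"{valname} contains {vendor}")
                break
    return found


def snapshot_live_registry():
    """On Windows, read the same keys with winreg; elsewhere return None."""
    if sys.platform != "win32":
        return None
    import winreg
    hives = {HKLM: winreg.HKEY_LOCAL_MACHINE, HKCU: winreg.HKEY_CURRENT_USER}
    reg = {}
    for hive, key, _label in KEY_CHECKS:
        try:
            with winreg.OpenKey(hives[hive], key):
                reg[(hive, key)] = {}
        except OSError:
            pass
    for hive, key, valname in BIOS_VALUES:
        try:
            with winreg.OpenKey(hives[hive], key) as handle:
                data, _kind = winreg.QueryValueEx(handle, valname)
                reg.setdefault((hive, key), {})[valname] = data
        except OSError:
            pass
    return reg


# Constructed snapshot of an unhardened VirtualBox guest (not real data).
SAMPLE_VBOX_GUEST = {
    (HKLM, r"HARDWARE\ACPI\DSDT\VBOX__"): {},
    (HKLM, r"HARDWARE\DESCRIPTION\System"): {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox VESA BIOS"],
    },
}

if __name__ == "__main__":
    live = snapshot_live_registry()
    for label in evaluate(live if live is not None else SAMPLE_VBOX_GUEST):
        print("indicator:", label)
```

Any indicator the script reports on an analysis VM is one a sample with these signatures could use to refuse to run; renaming the ACPI table OEM IDs and BIOS strings is the usual fix, after which the script should report nothing.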

MITRE ATT&CK Enterprise v15

Tasks