General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    241117-jlyxfsyqfk

  • MD5

    89ef801ed84dfd00be3dbb50f3e234fc

  • SHA1

    17f54b208888baec8eb36abd50c611be41c70483

  • SHA256

    b8b30bc193a828797db75d7bd0a805ccf924aaff809e2c6c902426749b6a4728

  • SHA512

    0934506c1cd84d9fd23729b827c64b75c99d1f2237f6102c3cc2a5294df2d02ce9f8dd8b33b83f03c62dca05acd141c8a884956783d104dd65d09e2029e7fbb8

  • SSDEEP

    49152:MPQ2PxQuzP0KFt3Gux6EWJzxX7AaYLQRh7B2/W:aQ2PxQuzsKFZGuoP1Ff2Qnj

Malware Config

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Targets

    • Target

      file.exe

    • Size

      1.8MB

    • MD5

      89ef801ed84dfd00be3dbb50f3e234fc

    • SHA1

      17f54b208888baec8eb36abd50c611be41c70483

    • SHA256

      b8b30bc193a828797db75d7bd0a805ccf924aaff809e2c6c902426749b6a4728

    • SHA512

      0934506c1cd84d9fd23729b827c64b75c99d1f2237f6102c3cc2a5294df2d02ce9f8dd8b33b83f03c62dca05acd141c8a884956783d104dd65d09e2029e7fbb8

    • SSDEEP

      49152:MPQ2PxQuzP0KFt3Gux6EWJzxX7AaYLQRh7B2/W:aQ2PxQuzsKFZGuoP1Ff2Qnj

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks