General

  • Target

    file.exe

  • Size

    1.7MB

  • Sample

    241117-lwmchsxcld

  • MD5

    ec4bd9744e2e636d56ef391ea4df0f0e

  • SHA1

    864d421f8d58280d51496986de17f2604c6617c9

  • SHA256

    83d02cb7609b67aee1713261c384d8c6716e4d0f1bb7d9abfaf8f3f0306a0afc

  • SHA512

    c9aec87bbee3964ef70eb13ea0b8e972020d3abb74d99dd7338d59dbf9b61f5f3fca3324e418565340512d1e55b30cf2a23143284dfd948303ba80ac67151129

  • SSDEEP

    49152:lsaFvOOXelzY3S5OUlj5z+Mwv1x24BCgKWRDLvBWtqb:esWOIOUV5z+lxc1WtvBWU

Malware Config

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Targets

    • Target

      file.exe

    • Size

      1.7MB

    • MD5

      ec4bd9744e2e636d56ef391ea4df0f0e

    • SHA1

      864d421f8d58280d51496986de17f2604c6617c9

    • SHA256

      83d02cb7609b67aee1713261c384d8c6716e4d0f1bb7d9abfaf8f3f0306a0afc

    • SHA512

      c9aec87bbee3964ef70eb13ea0b8e972020d3abb74d99dd7338d59dbf9b61f5f3fca3324e418565340512d1e55b30cf2a23143284dfd948303ba80ac67151129

    • SSDEEP

      49152:lsaFvOOXelzY3S5OUlj5z+Mwv1x24BCgKWRDLvBWtqb:esWOIOUV5z+lxc1WtvBWU

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks