General

  • Target

    462b590df7f786de4cb422be74146d935f45d47008a25fe26979f3737f3dd972.exe

  • Size

    1.7MB

  • Sample

    241121-fbnryszbrl

  • MD5

    4b517665a74a84df87d5360aa6560efb

  • SHA1

    8e2981eaf255f7e1cc90da8b494148281769bcb4

  • SHA256

    462b590df7f786de4cb422be74146d935f45d47008a25fe26979f3737f3dd972

  • SHA512

    98bd7c367a1c98eb8bacc975f5cd1a9302d68f6661af529f173fa9f2433ab773aed7c9a6fc8b41b654fffd3514443ec1804b86b747baf9b0d9381ce7d6b388ee

  • SSDEEP

    49152:LKaFTLAwjiRsaAe9BOKRdqo0GQtTyWHIQ:2onjiyaAeOKRdEGETy

Malware Config

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Targets

    • Target

      462b590df7f786de4cb422be74146d935f45d47008a25fe26979f3737f3dd972.exe

    • Size

      1.7MB

    • MD5

      4b517665a74a84df87d5360aa6560efb

    • SHA1

      8e2981eaf255f7e1cc90da8b494148281769bcb4

    • SHA256

      462b590df7f786de4cb422be74146d935f45d47008a25fe26979f3737f3dd972

    • SHA512

      98bd7c367a1c98eb8bacc975f5cd1a9302d68f6661af529f173fa9f2433ab773aed7c9a6fc8b41b654fffd3514443ec1804b86b747baf9b0d9381ce7d6b388ee

    • SSDEEP

      49152:LKaFTLAwjiRsaAe9BOKRdqo0GQtTyWHIQ:2onjiyaAeOKRdEGETy

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks