General

  • Target

    file.exe

  • Size

    1.7MB

  • Sample

    241121-pb7z9sskbt

  • MD5

    f82d9cecd341af38b222a4306bc0588a

  • SHA1

    3359c049fe7cdb1867c8e19fb9d4c8ad54432b6f

  • SHA256

    f5622ec8edbadee157c022829ea267ee17ca517e9f306f0712c425024615f972

  • SHA512

    153ffc9b6d8fccbd8fb5cbf493177ecc1e0af5488c09409574ad64b392e66d59fad6fa7c88087ca57f47007aa15db084c7bc8ced81f88391d069fac4fff7eae6

  • SSDEEP

    49152:jFUgC1CbpZKv4iGSpXTDssKnhJ062HGFFhyeOJUIRFops32LF:prRbpDSpDQRhJ06yGF7yrV34

Malware Config

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Targets

    • Target

      file.exe

    • Size

      1.7MB

    • MD5

      f82d9cecd341af38b222a4306bc0588a

    • SHA1

      3359c049fe7cdb1867c8e19fb9d4c8ad54432b6f

    • SHA256

      f5622ec8edbadee157c022829ea267ee17ca517e9f306f0712c425024615f972

    • SHA512

      153ffc9b6d8fccbd8fb5cbf493177ecc1e0af5488c09409574ad64b392e66d59fad6fa7c88087ca57f47007aa15db084c7bc8ced81f88391d069fac4fff7eae6

    • SSDEEP

      49152:jFUgC1CbpZKv4iGSpXTDssKnhJ062HGFFhyeOJUIRFops32LF:prRbpDSpDQRhJ06yGF7yrV34

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks