General

  • Target

    8e5a7beeec8489d20ca75c332acf7eb1460dca63256842479c3d5b1ca3f48d53.exe

  • Size

    1.8MB

  • Sample

    241122-c9wzfaypbm

  • MD5

    33ce040234457605280e28c3bda4ae36

  • SHA1

    5f3a7512ea1a032aabd60a2fd364d073ee2fc8f9

  • SHA256

    8e5a7beeec8489d20ca75c332acf7eb1460dca63256842479c3d5b1ca3f48d53

  • SHA512

    997e26d1137bc0e6594ce3d3bdc33013e3c684cd244294bb3c6da0c81696da55a6865830092193c8e233990712bde31e7ea3b198f94f0e55d7008aea10016e16

  • SSDEEP

    49152:Y1y20JZiLlkEkOXHKWI+w8EO/mdobM/JImNaWO/3vul8j:cy3/Clk8HKWIj8EmlCIWS3i

Malware Config

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Targets

    • Target

      8e5a7beeec8489d20ca75c332acf7eb1460dca63256842479c3d5b1ca3f48d53.exe

    • Size

      1.8MB

    • MD5

      33ce040234457605280e28c3bda4ae36

    • SHA1

      5f3a7512ea1a032aabd60a2fd364d073ee2fc8f9

    • SHA256

      8e5a7beeec8489d20ca75c332acf7eb1460dca63256842479c3d5b1ca3f48d53

    • SHA512

      997e26d1137bc0e6594ce3d3bdc33013e3c684cd244294bb3c6da0c81696da55a6865830092193c8e233990712bde31e7ea3b198f94f0e55d7008aea10016e16

    • SSDEEP

      49152:Y1y20JZiLlkEkOXHKWI+w8EO/mdobM/JImNaWO/3vul8j:cy3/Clk8HKWIj8EmlCIWS3i

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks