General

  • Target

    5b039e26817ac3dde3340af44180e943e7823936cb537342e8a818e5d8705908.exe

  • Size

    1.7MB

  • Sample

    241122-cy2esaylhr

  • MD5

    81380b3f4700458353f68405ba69f471

  • SHA1

    2c51c11246200de63ac0121df7fc94545f0aef38

  • SHA256

    5b039e26817ac3dde3340af44180e943e7823936cb537342e8a818e5d8705908

  • SHA512

    a59cd918a59a2aef818e2974579026a1ab344bfe658e23954550b6c2d44df2285d5365cd60d4086c60d4234ed8616546826d9ed66634150f0d4fde8702e0ff3f

  • SSDEEP

    24576:8KiYYsFZEkLMfHBj9SckDSBaCJcHl7XSPCtLP13h65igzXV0v5qrUKzuThUaU3SR:8HYYVk8j9LkDfrnhy7Wv5GBzEhmiDd

Malware Config

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Targets

    • Target

      5b039e26817ac3dde3340af44180e943e7823936cb537342e8a818e5d8705908.exe

    • Size

      1.7MB

    • MD5

      81380b3f4700458353f68405ba69f471

    • SHA1

      2c51c11246200de63ac0121df7fc94545f0aef38

    • SHA256

      5b039e26817ac3dde3340af44180e943e7823936cb537342e8a818e5d8705908

    • SHA512

      a59cd918a59a2aef818e2974579026a1ab344bfe658e23954550b6c2d44df2285d5365cd60d4086c60d4234ed8616546826d9ed66634150f0d4fde8702e0ff3f

    • SSDEEP

      24576:8KiYYsFZEkLMfHBj9SckDSBaCJcHl7XSPCtLP13h65igzXV0v5qrUKzuThUaU3SR:8HYYVk8j9LkDfrnhy7Wv5GBzEhmiDd

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks