General

  • Target

    90a76e28f761c3a0580ec1b56eb241b57001091cac3d63378dec4368279103dd.exe

  • Size

    1.8MB

  • Sample

    241123-c9963awnfy

  • MD5

    e5a48f23e7b32f452f9bf2e6bf42094c

  • SHA1

    4f95895d7a641793c3e603847c06ffd51fb29940

  • SHA256

    90a76e28f761c3a0580ec1b56eb241b57001091cac3d63378dec4368279103dd

  • SHA512

    3ad71818ffa0544e8c7e302c49a51b7e58b42543a0640a588e448d4d1ebb9e4b880e1869a634b7e66a2d11849eb2c68672b575f7b6386393bc02ff052293ded4

  • SSDEEP

    49152:LLrjKJvZOWRzfxWd7YVHqLU7of4A88ahonJr8AY5h/v:fvKmIzfxW5f+e4V4aT5

Malware Config

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php
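The extracted C2 host and url_path above are the two network indicators a responder can hunt with. The following is an added example, not part of the report or the Stealc tooling: it parses a few constructed, Zeek-style http.log lines (tab-separated ts, source IP, destination IP, method, Host header, URI; the layout and the traffic are assumptions) and flags requests to the C2. A request that hits both the host and the gate path is scored "high"; a request to the host with a different path is scored "medium", because the PHP gate path is specific to this build and panel while the same host may serve other builds.

```python
from dataclasses import dataclass

# Indicators copied from the extracted Stealc config in this report.
C2_HOST = "185.215.113.206"
C2_PATH = "/c4becf79229cb002.php"

# Constructed sample log in a Zeek-like http.log layout (illustrative, not real traffic):
# ts <TAB> src_ip <TAB> dst_ip <TAB> method <TAB> host <TAB> uri
SAMPLE_HTTP_LOG = """\
1732330000.1\t10.0.0.5\t185.215.113.206\tPOST\t185.215.113.206\t/c4becf79229cb002.php
1732330001.2\t10.0.0.5\t185.215.113.206\tGET\t185.215.113.206\t/update.php
1732330002.3\t10.0.0.7\t93.184.216.34\tGET\texample.com\t/index.html
"""


@dataclass
class Hit:
    ts: str
    src_ip: str
    host: str
    uri: str
    confidence: str  # "high": host and gate path match; "medium": host only


def parse_http_log(text):
    """Parse the tab-separated layout above into dicts; skips comments and short rows."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != 6:
            continue
        ts, src, dst, method, host, uri = parts
        rows.append({"ts": ts, "src_ip": src, "dst_ip": dst,
                     "method": method, "host": host, "uri": uri})
    return rows


def hunt_c2(rows, c2_host=C2_HOST, c2_path=C2_PATH):
    """Return Hit records for every request to the C2 host, scored by path match."""
    hits = []
    for r in rows:
        # Match on the Host header or the destination IP; the config gives a bare IP,
        # so a request with an empty or spoofed Host header still matches on dst_ip.
        if r["host"] != c2_host and r["dst_ip"] != c2_host:
            continue
        # Drop any query string before comparing against the gate path.
        path = r["uri"].split("?", 1)[0]
        confidence = "high" if path == c2_path else "medium"
        hits.append(Hit(r["ts"], r["src_ip"], r["host"], r["uri"], confidence))
    return hits


if __name__ == "__main__":
    for hit in hunt_c2(parse_http_log(SAMPLE_HTTP_LOG)):
        print(f"{hit.ts} {hit.src_ip} -> {hit.host}{hit.uri} [{hit.confidence}]")
```

Run against real proxy or Zeek logs by swapping the constructed text for the file contents; keep the "medium" tier in the output, since a new gate path on the same host is exactly what a rotated build looks like.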

Targets

    • Target

      90a76e28f761c3a0580ec1b56eb241b57001091cac3d63378dec4368279103dd.exe

    • Size

      1.8MB

    • MD5

      e5a48f23e7b32f452f9bf2e6bf42094c

    • SHA1

      4f95895d7a641793c3e603847c06ffd51fb29940

    • SHA256

      90a76e28f761c3a0580ec1b56eb241b57001091cac3d63378dec4368279103dd

    • SHA512

      3ad71818ffa0544e8c7e302c49a51b7e58b42543a0640a588e448d4d1ebb9e4b880e1869a634b7e66a2d11849eb2c68672b575f7b6386393bc02ff052293ded4

    • SSDEEP

      49152:LLrjKJvZOWRzfxWd7YVHqLU7of4A88ahonJr8AY5h/v:fvKmIzfxW5f+e4V4aT5

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, and it can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
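The three registry-based signatures above (VirtualBox ACPI values, BIOS information, Wine keys) all reduce to "this process queried a key that only makes sense if you are fingerprinting the host". The following is an added example, not part of the report or the sandbox's own signature engine: it re-implements that logic over constructed registry-access records in a Sysmon Event ID 13-like shape (process image, key path, value name). The key paths used are the standard locations these checks usually read (HARDWARE\ACPI\*\VBOX__, HARDWARE\DESCRIPTION\System BIOS values, Software\Wine); the report does not list the exact keys this sample touched, so treat them as assumptions. The NtSetInformationThreadHideFromDebugger signature is an API-level check and is not covered here.

```python
import re
from collections import defaultdict

# Constructed registry-access records (illustrative, not from the real run):
# (process image, registry key path, value name queried; "" = key open only)
SAMPLE_REGISTRY_EVENTS = [
    ("C:\\Users\\victim\\sample.exe", "HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__", ""),
    ("C:\\Users\\victim\\sample.exe", "HKLM\\HARDWARE\\DESCRIPTION\\System", "SystemBiosVersion"),
    ("C:\\Users\\victim\\sample.exe", "HKLM\\HARDWARE\\DESCRIPTION\\System", "VideoBiosVersion"),
    ("C:\\Users\\victim\\sample.exe", "HKCU\\Software\\Wine", ""),
    ("C:\\Windows\\explorer.exe",
     "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer", "ShellState"),
]

# Each signature: (name as the report phrases it, key-path regex,
# optional set of lower-cased value names that must be queried for a match).
# Key paths are assumed standard locations, not taken from this report.
SIGNATURES = [
    ("Identifies VirtualBox via ACPI registry values",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
     None),
    ("Checks BIOS information in registry",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System$", re.I),
     {"systembiosversion", "videobiosversion", "systembiosdate"}),
    ("Identifies Wine through registry keys",
     re.compile(r"^HK(LM|CU)\\Software\\Wine(\\|$)", re.I),
     None),
]


def evaluate(events, signatures=SIGNATURES):
    """Return {process image: sorted signature names} for processes that tripped any."""
    hits = defaultdict(set)
    for image, key, value in events:
        for name, key_re, values in signatures:
            if not key_re.search(key):
                continue
            # Some keys (e.g. DESCRIPTION\System) are read by benign software for
            # other values, so only count the BIOS-specific value names.
            if values is not None and value.lower() not in values:
                continue
            hits[image].add(name)
    return {image: sorted(names) for image, names in hits.items()}


def anti_analysis_score(events, signatures=SIGNATURES):
    """Number of distinct anti-analysis signatures per process; use a threshold,
    not any single hit, because one BIOS read alone is common in legitimate code."""
    return {image: len(names) for image, names in evaluate(events, signatures).items()}


if __name__ == "__main__":
    for image, names in evaluate(SAMPLE_REGISTRY_EVENTS).items():
        print(image)
        for n in names:
            print("   ", n)
```

The scoring helper matters in practice: hardware inventory tools and installers read SystemBiosVersion too, so a detection rule should require two or more of these fingerprinting signatures from the same process (as this sample shows) rather than alerting on any one of them.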

MITRE ATT&CK Enterprise v15

Tasks