General

  • Target

    4cda37f0fdd836cfebb3df05dc550fff54eab9f7a9959c083ce50d0f049aa0a0.exe

  • Size

    1.7MB

  • Sample

    241123-cvqh4swjhv

  • MD5

    6edefc0c895756e5e929668b5f804c1f

  • SHA1

    37cc66db57185d2dd9827f2a5670fe527592d5d2

  • SHA256

    4cda37f0fdd836cfebb3df05dc550fff54eab9f7a9959c083ce50d0f049aa0a0

  • SHA512

    5f34e6de56f5d86d59ccbb966b1dbff64ef8b2a759bc9cfbadde40e05d6c2924940a6c63329f633d9464ac8ae35dc9ada419ad3436dc787a2b1bfbe7c120b13c

  • SSDEEP

    49152:YsK+ovd70fKBOtE8bf8W7yVzlEBikSRZh+Kop1UemI/eh:Y4kMoOtE8IWMiikSjhfsenieh

Malware Config

Extracted

  • Family

    stealc

  • Botnet

    mars

  • C2

    http://185.215.113.206

  • Attributes

    url_path: /c4becf79229cb002.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
