General

  • Target

    362ede5e1060f28217d49706ced46a1bea1e175bf91c4a1457f921904b9bb32a.exe

  • Size

    1.7MB

  • Sample

    241124-cnne6synct

  • MD5

    925d775a24989da8e83cabcd00fde1d3

  • SHA1

    73373f88fa6798ac4a4bc1566b62814deeb362de

  • SHA256

    362ede5e1060f28217d49706ced46a1bea1e175bf91c4a1457f921904b9bb32a

  • SHA512

    f0866e412ba6733ba460eadcd01d76b5803d8ad17a9016ec0b1d5915de0e1360d3229e9a09c5ebe1911325029388645d68aeaec1ee78e5797b2c3f83d2a5dfc6

  • SSDEEP

    24576:EnHx9ww1LObpvbxoW+VeB8GjF+gQBYn1m3aTgd+2VUUNLaNRDxceeZF/6YIKt:ER9wm6doW/6kk4vTwVUsLGmy5

Malware Config

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Targets

    • Target

      362ede5e1060f28217d49706ced46a1bea1e175bf91c4a1457f921904b9bb32a.exe

    • Size

      1.7MB

    • MD5

      925d775a24989da8e83cabcd00fde1d3

    • SHA1

      73373f88fa6798ac4a4bc1566b62814deeb362de

    • SHA256

      362ede5e1060f28217d49706ced46a1bea1e175bf91c4a1457f921904b9bb32a

    • SHA512

      f0866e412ba6733ba460eadcd01d76b5803d8ad17a9016ec0b1d5915de0e1360d3229e9a09c5ebe1911325029388645d68aeaec1ee78e5797b2c3f83d2a5dfc6

    • SSDEEP

      24576:EnHx9ww1LObpvbxoW+VeB8GjF+gQBYn1m3aTgd+2VUUNLaNRDxceeZF/6YIKt:ER9wm6doW/6kk4vTwVUsLGmy5

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks