General

  • Target

    d605ba8b1c39b46eb25930d626732370bc4fbe2552a047fad1db96c2f7086d58.exe

  • Size

    1.7MB

  • Sample

    241124-dac8qawper

  • MD5

    4bad8287c5a86eece84ae3eeef0e3ece

  • SHA1

    241ff4e835e0a51700838430a596e197259b3ee2

  • SHA256

    d605ba8b1c39b46eb25930d626732370bc4fbe2552a047fad1db96c2f7086d58

  • SHA512

    9e4e47dd222e5076d7384b395b8af7586536aa7358b576fb7813e59b4a6b7ca90da74a58702b68160cb01b2ba0b6c354509df8dad2dde5d10ac17fdebf2c21ea

  • SSDEEP

    49152:4ucGQoTHEJRMRseP6WimqVqX+WNdS9Crias7U6yJ:42HE8VPum2b4d6U6y

Malware Config

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Targets

    • Target

      d605ba8b1c39b46eb25930d626732370bc4fbe2552a047fad1db96c2f7086d58.exe

    • Size

      1.7MB

    • MD5

      4bad8287c5a86eece84ae3eeef0e3ece

    • SHA1

      241ff4e835e0a51700838430a596e197259b3ee2

    • SHA256

      d605ba8b1c39b46eb25930d626732370bc4fbe2552a047fad1db96c2f7086d58

    • SHA512

      9e4e47dd222e5076d7384b395b8af7586536aa7358b576fb7813e59b4a6b7ca90da74a58702b68160cb01b2ba0b6c354509df8dad2dde5d10ac17fdebf2c21ea

    • SSDEEP

      49152:4ucGQoTHEJRMRseP6WimqVqX+WNdS9Crias7U6yJ:42HE8VPum2b4d6U6y

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks