General

  • Target

    5008900485671d1e697b9afb70829eaa472b379f94e925394ad7b5ab681bdf3e

  • Size

    2.7MB

  • Sample

    241221-qtxspazqgz

  • MD5

    a2e7bea4344fd57b09e917ba50ecd482

  • SHA1

    70d3de6bb6f8f19c4b500c3190b307c21259d2af

  • SHA256

    5008900485671d1e697b9afb70829eaa472b379f94e925394ad7b5ab681bdf3e

  • SHA512

    9f12fd0c2f92be564f27084bb1c765d5c0dc92eb9f929e60e2e19fb8bbe9d44c262515c0bf81d2191f5ebdd94edaba6e9042c08af75281193fd3dbfd7d8859dc

  • SSDEEP

    49152:0P5IwAazK83ncTZYdJA6HbME4z4bQhFdaQlnR:0BIwAazz3cTZYdPnbQhXzn

Malware Config

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Targets

    • Target

      5008900485671d1e697b9afb70829eaa472b379f94e925394ad7b5ab681bdf3e

    • Size

      2.7MB

    • MD5

      a2e7bea4344fd57b09e917ba50ecd482

    • SHA1

      70d3de6bb6f8f19c4b500c3190b307c21259d2af

    • SHA256

      5008900485671d1e697b9afb70829eaa472b379f94e925394ad7b5ab681bdf3e

    • SHA512

      9f12fd0c2f92be564f27084bb1c765d5c0dc92eb9f929e60e2e19fb8bbe9d44c262515c0bf81d2191f5ebdd94edaba6e9042c08af75281193fd3dbfd7d8859dc

    • SSDEEP

      49152:0P5IwAazK83ncTZYdJA6HbME4z4bQhFdaQlnR:0BIwAazz3cTZYdPnbQhXzn

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks