General

  • Target

    2bd8a1b7065df88462d34eed180f2ea300c5e4cf80a984fc8aa07f6bd7949869

  • Size

    2.7MB

  • Sample

    241226-j61a1s1ldp

  • MD5

    6a745871d883b116a4bbc9607f5b7b9b

  • SHA1

    380a4cd6e33af3ff4363b6d16a9e05dd703f5f9e

  • SHA256

    2bd8a1b7065df88462d34eed180f2ea300c5e4cf80a984fc8aa07f6bd7949869

  • SHA512

    f0de0884f50447a59da34a795cf7ed4be3ce245ca269d04eef6683307a47357f572d092d8ab4312e5244cd5c2979e040d3fe546930dd6f9945ac68ad791ef993

  • SSDEEP

    49152:nUuiVyXARi6ksfiracIahCQQnPQgTTkDUVdhuz0y9l:hiUQRi6ksfirazahpQnPQtD+TU0il

Malware Config

Extracted

Family

stealc

Botnet

stok

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks