General

  • Target: random.exe
  • Size: 1.7MB
  • Sample: 250122-q5199ayqfy
  • MD5: 7fa381cd8c80e6930f9ead27ab8d65d5
  • SHA1: 9478be51941ba8077be76c75a6180e5468ba90aa
  • SHA256: 5ffbfc038a1ab3b850f1afd6b5283501875bb98ee5f9541ed6edf706d2891f6f
  • SHA512: 60c9d72fe393d846015585ab078c33211e1755071ea465a645ee2e80b48a392258f3b492161e92685e26f82c3848c2c1097a280b3fb0edcd5d78b4e4db30b523
  • SSDEEP: 49152:aG2fPSWTmRNDe5VobzkU+v5OLY0GgP+H7OvR6O:92XSWTX5VoEUI5Ok0xO65

Malware Config

Extracted

  • Family: stealc
  • Botnet: brat
  • C2: http://185.215.113.206
  • Attributes
    • url_path: /c4becf79229cb002.php

Targets

    • Target: random.exe
    • Size: 1.7MB
    • MD5: 7fa381cd8c80e6930f9ead27ab8d65d5
    • SHA1: 9478be51941ba8077be76c75a6180e5468ba90aa
    • SHA256: 5ffbfc038a1ab3b850f1afd6b5283501875bb98ee5f9541ed6edf706d2891f6f
    • SHA512: 60c9d72fe393d846015585ab078c33211e1755071ea465a645ee2e80b48a392258f3b492161e92685e26f82c3848c2c1097a280b3fb0edcd5d78b4e4db30b523
    • SSDEEP: 49152:aG2fPSWTmRNDe5VobzkU+v5OLY0GgP+H7OvR6O:92XSWTX5VoEUI5Ok0xO65

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks
