metastealer | 2714b7aea9d62bafe4a3a08feca334677e8ee835441fb20fa29454b8e6c3a81e | Triage

Submit
Reports

Overview

overview

Static

static

2714b7aea9...1e.exe

windows7_x64

2714b7aea9...1e.exe

windows10-2004_x64

Sharing

General

Target

2714b7aea9d62bafe4a3a08feca334677e8ee835441fb20fa29454b8e6c3a81e
Size

938KB
Sample

220414-hprrwaadhn
MD5

6b2c64128bf247c7b987c65c9de3f81c
SHA1

1629ef7f8e13baa063afc0f97a5cb755b68e331f
SHA256

2714b7aea9d62bafe4a3a08feca334677e8ee835441fb20fa29454b8e6c3a81e
SHA512

11ac5c09556cf0d99a7ad5d38ca397edcb4c9ce188706729f85b56eb07973d448bed9c8864b542a51e25f33dec6f5b1c4499b95855874b3113b8becc3a6114bb

Score

10^/10

metastealer evasion stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

2714b7aea9d62bafe4a3a08feca334677e8ee835441fb20fa29454b8e6c3a81e.exe

Resource

win7-20220310-en

evasion suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2714b7aea9d62bafe4a3a08feca334677e8ee835441fb20fa29454b8e6c3a81e.exe

Resource

win10v2004-20220310-en

metastealer evasion stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  2714b7aea9d62bafe4a3a08feca334677e8ee835441fb20fa29454b8e6c3a81e
- Size
  
  938KB
- MD5
  
  6b2c64128bf247c7b987c65c9de3f81c
- SHA1
  
  1629ef7f8e13baa063afc0f97a5cb755b68e331f
- SHA256
  
  2714b7aea9d62bafe4a3a08feca334677e8ee835441fb20fa29454b8e6c3a81e
- SHA512
  
  11ac5c09556cf0d99a7ad5d38ca397edcb4c9ce188706729f85b56eb07973d448bed9c8864b542a51e25f33dec6f5b1c4499b95855874b3113b8becc3a6114bb
Score

10^/10

evasion suricata metastealer stealer
- Meta Stealer Stealer
  Meta Stealer steals passwords stored in browsers, written in C++.
  stealer metastealer
- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
  suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
  suricata
- suricata: ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
  suricata: ET MALWARE Possible Malicious Macro EXE DL AlphaNumL
  suricata
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionsuricata

behavioral2

metastealerevasionstealersuricata

© 2018-2025

Terms | Privacy