General
-
Target
build_protected.exe
-
Size
4.7MB
-
Sample
240418-fzjg5scb83
-
MD5
2c9c83301b713589ab743a18a63a38a3
-
SHA1
b586ca2150a97d24fcb6ee28d7ccbaa100d06e86
-
SHA256
9c0e848008ff66b1e5c2f01b9cdbd35f864c3bcab17d277a28a911d0bf003e92
-
SHA512
2a850f4b68566a299d6d763f767428c9dcb66e81307daefb79118b5c1e680b0fe9af63ebac82baf1a71adc11688ab1a575eaf668f2682bec44df7957ae87e242
-
SSDEEP
98304:GOsnLIlXdPy+mfW+r0bPqm8mPMQoT8NMo3++PZZ4Q1w1:VkMyLW+Q7X8MoTyf+ACr
Behavioral task
behavioral1
Sample
build_protected.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
stealerium
https://discord.com/api/webhooks/1230383121996714056/i-etyd8HOGg6zVqybyNWhauwWFzppYXVMuk5RbomH0rzHDj8YSYXVafO3v0LmVG0xg1l
Targets
-
-
Target
build_protected.exe
-
Size
4.7MB
-
MD5
2c9c83301b713589ab743a18a63a38a3
-
SHA1
b586ca2150a97d24fcb6ee28d7ccbaa100d06e86
-
SHA256
9c0e848008ff66b1e5c2f01b9cdbd35f864c3bcab17d277a28a911d0bf003e92
-
SHA512
2a850f4b68566a299d6d763f767428c9dcb66e81307daefb79118b5c1e680b0fe9af63ebac82baf1a71adc11688ab1a575eaf668f2682bec44df7957ae87e242
-
SSDEEP
98304:GOsnLIlXdPy+mfW+r0bPqm8mPMQoT8NMo3++PZZ4Q1w1:VkMyLW+Q7X8MoTyf+ACr
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-