General
- Target: 8b92fc7fe77b33e3b519b1f2ce71819fb59986087b683a331cc6364b30b3feed
- Size: 1.8MB
- Sample: 240908-l2hlhszcmp
- MD5: c77aec68cde01c2087568c637c107bf9
- SHA1: 78a91cc383661a50b83384f7182eba10fdf1a633
- SHA256: 8b92fc7fe77b33e3b519b1f2ce71819fb59986087b683a331cc6364b30b3feed
- SHA512: 0d431f06cd4b4a576ff1d58a1b746da54793dc85814c1b6800396cca33413278ee3d1639ba3735fca1031c93a8d2e9202b447627f76eb804868213c8adeab5b3
- SSDEEP: 24576:+U0RrYiFH/xAO9g2zb6V8eS6sMi/8pey88rXz8kXtbYkiRlZkrbEd0W:+7rYiF2ONv6CepsMi/qICXz8Cs3l+E
Static task: static1
Behavioral task: behavioral1
- Sample: 8b92fc7fe77b33e3b519b1f2ce71819fb59986087b683a331cc6364b30b3feed.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted: amadey
- 4.41
- c7817d
- http://31.41.244.10
- install_dir: 0e8d0864aa
- install_file: svoutse.exe
- strings_key: 5481b88a6ef75bcf21333988a4e47048
- url_paths: /Dem7kTu/index.php
Extracted: stealc
- rave
- http://185.215.113.103
- url_path: /e2b1563c6670f193.php
Targets
- Target: 8b92fc7fe77b33e3b519b1f2ce71819fb59986087b683a331cc6364b30b3feed
- Size: 1.8MB
- MD5: c77aec68cde01c2087568c637c107bf9
- SHA1: 78a91cc383661a50b83384f7182eba10fdf1a633
- SHA256: 8b92fc7fe77b33e3b519b1f2ce71819fb59986087b683a331cc6364b30b3feed
- SHA512: 0d431f06cd4b4a576ff1d58a1b746da54793dc85814c1b6800396cca33413278ee3d1639ba3735fca1031c93a8d2e9202b447627f76eb804868213c8adeab5b3
- SSDEEP: 24576:+U0RrYiFH/xAO9g2zb6V8eS6sMi/8pey88rXz8kXtbYkiRlZkrbEd0W:+7rYiF2ONv6CepsMi/qICXz8Cs3l+E
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Adds Run key to start application
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger