General
Target: 21321ece49483896b0a64033093887377e08377103565d8d9ae68dd77bc5be52
Size: 2.8MB
Sample: 240919-2f53pathqe
MD5: f0feb518d47d16274140a82fe93f397b
SHA1: ef1b7d1794df87c6c2ddb990f2f3a9dc1c6d0301
SHA256: 21321ece49483896b0a64033093887377e08377103565d8d9ae68dd77bc5be52
SHA512: e2a943513d2c6400ee6cb2e09eaf3c97afdc1833e0239dd10f992057b4e23b833df09f76a69cb6a1025ccda85476fd327a01a8bacd486612729026bcdffd248f
SSDEEP: 49152:J9OonUhLfxiu9+Rfdw/6PoeWt5zQKH4T8VONvugjf:J9Oon2Lfxiu9+Rfdw93t5V4gVOpugjf
Static task: static1
Behavioral task: behavioral1
Sample: 21321ece49483896b0a64033093887377e08377103565d8d9ae68dd77bc5be52.exe
Resource: win7-20240903-en
Malware Config
Extracted
stealc
rave
http://185.215.113.103
url_path: /e2b1563c6670f193.php
Targets
Target: 21321ece49483896b0a64033093887377e08377103565d8d9ae68dd77bc5be52
Size: 2.8MB
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, the web browser credential store.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (1)
  Credentials from Web Browsers (1)
Unsecured Credentials (4)
  Credentials In Files (4)