General
- Target: b6366970921b26d2710fd6b1faba2f8b41a2d0f5f8abf88696722ae827ab769f
- Size: 1.7MB
- Sample: 240919-2l3jravfkp
- MD5: 10d729adf3761e8e9d68fb454df3d812
- SHA1: 40a0969a8cc931f3228c9eed17792cdcbe54e8c3
- SHA256: b6366970921b26d2710fd6b1faba2f8b41a2d0f5f8abf88696722ae827ab769f
- SHA512: 917064ccf17d2544133042cb05e5511856ee31f573caafd5796398a867e7ab673c20963cfba344bab3d1bdc963d87014b632bfc57baf120b8e1945a1ae94225c
- SSDEEP: 49152:m6PnTXMDqWrayA5V9uTyIJwhNx2ljCIAzhs2utL6yN:msjMDFraysV9ujwEpshs4y
Static task
- static1
Behavioral task
- behavioral1
- Sample: b6366970921b26d2710fd6b1faba2f8b41a2d0f5f8abf88696722ae827ab769f.exe
- Resource: win7-20240903-en
Malware Config
Extracted
- stealc
- rave
- http://185.215.113.103
- url_path: /e2b1563c6670f193.php
Targets
- Target: b6366970921b26d2710fd6b1faba2f8b41a2d0f5f8abf88696722ae827ab769f
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger