General

Target: aee1a9abc4ba92c3814e651786b69fafc2bb2bedbc7d9ca35a269983cc71d5a1
Size: 2.7MB
Sample: 240919-2lsdsavfjl
MD5: db14c81656d15a89e797eb0d7fdd5b10
SHA1: 8e1a9e234cd0126291562c2e17f4cfd615c93e34
SHA256: aee1a9abc4ba92c3814e651786b69fafc2bb2bedbc7d9ca35a269983cc71d5a1
SHA512: 145b98e6780d2af04c88d7ed0ea3177b3adac5b657b5258e0d197eeb58e1e9732577e0abb3758e321a4f1c308992dfd9e114d68a27d533258fa7099cbcd80072
SSDEEP: 49152:Y9OonUhLfxiu9+Rfdw/6PoeWt5zQKH4T8VONe:Y9Oon2Lfxiu9+Rfdw93t5V4gVO4

Static task: static1
Behavioral task: behavioral1
Sample: aee1a9abc4ba92c3814e651786b69fafc2bb2bedbc7d9ca35a269983cc71d5a1.exe
Resource: win7-20240903-en

Malware Config

Extracted
Family: stealc
Botnet: rave
C2: http://185.215.113.103
url_path: /e2b1563c6670f193.php
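The two extracted values above (C2 address and gate path) are the indicators worth turning into a network detection. The following is an added example, not code from the sample or from the sandbox: it runs a small matcher over constructed proxy log lines (the lines are made up for the demonstration, not traffic captured from this run) and distinguishes a request to the exact gate path from any other request to the C2 host, since the bare IP alone is a weaker indicator than host plus path.

```python
from urllib.parse import urlsplit

# Indicators taken from the extracted Stealc config above.
C2_HOST = "185.215.113.103"
C2_PATH = "/e2b1563c6670f193.php"

# Constructed proxy log lines for the demonstration (not traffic from this
# sample). Format: client method url status
SAMPLE_LOG = """\
10.0.0.5 GET http://example.com/index.html 200
10.0.0.7 POST http://185.215.113.103/e2b1563c6670f193.php 200
10.0.0.7 POST http://185.215.113.103:80/e2b1563c6670f193.php 200
10.0.0.9 GET http://185.215.113.103/ 404
10.0.0.7 POST http://other.example/e2b1563c6670f193.php 200
"""


def classify(url):
    """Return "c2" for the exact gate (host + path), "host" for any other request
    to the C2 address, and None for everything else."""
    parts = urlsplit(url)
    # .hostname drops the port and lower-cases the host, so 185.215.113.103:80
    # still matches; the path is compared as-is.
    if (parts.hostname or "") != C2_HOST:
        return None
    return "c2" if parts.path == C2_PATH else "host"


def scan_log(text):
    """Return a list of (client, method, verdict) for each line that touches the C2."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip it rather than abort the scan
        client, method, url, _status = fields[:4]
        verdict = classify(url)
        if verdict is not None:
            hits.append((client, method, verdict))
    return hits


if __name__ == "__main__":
    for client, method, verdict in scan_log(SAMPLE_LOG):
        print(f"{client} {method} -> {verdict}")
```

A request whose path matches but whose host does not (the last sample line) is deliberately not flagged; the gate path alone is a hash-like string that other infrastructure could reuse, so the pairing with the host is what carries confidence.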
Targets

Target: aee1a9abc4ba92c3814e651786b69fafc2bb2bedbc7d9ca35a269983cc71d5a1
Size: 2.7MB
Signatures

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
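The three registry-based signatures above describe the same basic technique: read a handful of well-known keys and look for strings that only a VirtualBox guest or a Wine prefix would expose. The following is an added example, not the sample's code and not the sandbox's signature logic: it runs those checks over a registry snapshot represented as a plain dictionary so it runs offline. The key and value names it consults (HARDWARE\DESCRIPTION\System BIOS strings, the VBOX__ OEM-ID subkeys under HARDWARE\ACPI\{DSDT,FADT,RSDT}, and Software\Wine) are the locations commonly used for these checks and are an assumption here; the page does not list which values this sample actually reads. The snapshots are constructed, and the NtSetInformationThread(ThreadHideFromDebugger) signature is not covered, since it is an API call rather than a registry read.

```python
# Registry locations that VirtualBox and Wine checks usually consult. These are
# assumptions for the demonstration: the page does not list the exact values
# the sample reads.
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = ("SystemBiosVersion", "VideoBiosVersion",
               "SystemManufacturer", "SystemProductName")
ACPI_TABLE_KEYS = (r"HKLM\HARDWARE\ACPI\DSDT",
                   r"HKLM\HARDWARE\ACPI\FADT",
                   r"HKLM\HARDWARE\ACPI\RSDT")
WINE_KEYS = (r"HKCU\Software\Wine", r"HKLM\Software\Wine")
VBOX_MARKERS = ("VBOX", "VIRTUALBOX", "INNOTEK")


def _as_text(data):
    # REG_MULTI_SZ values come back as lists; flatten them for substring matching.
    return " ".join(data) if isinstance(data, (list, tuple)) else str(data)


def find_vm_artifacts(registry):
    """registry: {key_path: {value_name: data}}. A subkey is present when its
    own key_path is a key of the dict. Returns [(signature, detail), ...] in a
    stable order so results can be compared."""
    keys_upper = {k.upper(): k for k in registry}  # registry paths are case-insensitive
    findings = []

    # 1. "Checks BIOS information in registry": vendor strings in the BIOS values.
    for name in BIOS_VALUES:
        data = registry.get(BIOS_KEY, {}).get(name)
        if data is not None and any(m in _as_text(data).upper() for m in VBOX_MARKERS):
            findings.append(("bios", f"{name}={_as_text(data)}"))

    # 2. "Identifies VirtualBox via ACPI registry values": VirtualBox publishes
    #    its ACPI tables under an OEM-ID subkey named VBOX__.
    for table in ACPI_TABLE_KEYS:
        prefix = table.upper() + "\\"
        for upper, original in sorted(keys_upper.items()):
            if upper.startswith(prefix) and upper[len(prefix):].startswith("VBOX"):
                findings.append(("acpi", original))

    # 3. "Identifies Wine through registry keys": Wine creates Software\Wine.
    for key in WINE_KEYS:
        if any(u == key.upper() or u.startswith(key.upper() + "\\") for u in keys_upper):
            findings.append(("wine", key))
    return findings


def environment_verdict(registry):
    """Collapse the findings into a single label: which environment leaked."""
    kinds = {sig for sig, _ in find_vm_artifacts(registry)}
    if "wine" in kinds:
        return "wine"
    if kinds & {"bios", "acpi"}:
        return "virtualbox"
    return "clean"


# Constructed registry snapshots (not dumped from the sandbox run on this page).
VBOX_SNAPSHOT = {
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox Version 7.0.0"],
    },
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__": {},
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__": {},
}
WINE_SNAPSHOT = {
    r"HKCU\Software\Wine": {},
    r"HKCU\Software\Wine\Drives": {},
}
PHYSICAL_SNAPSHOT = {
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["LENOVO - 1"],
        "VideoBiosVersion": ["Intel Video BIOS"],
    },
    r"HKLM\HARDWARE\ACPI\DSDT\LENOVO": {},
}

if __name__ == "__main__":
    for label, snap in (("vbox", VBOX_SNAPSHOT), ("wine", WINE_SNAPSHOT),
                        ("physical", PHYSICAL_SNAPSHOT)):
        print(label, environment_verdict(snap), find_vm_artifacts(snap))
```

The dictionary stands in for a registry walk; on a Windows analysis host the same functions can be fed from the standard library's winreg module. The practical point for a sandbox operator is the mirror image of the sample's check: every entry the PHYSICAL_SNAPSHOT lacks is a value that a hardened VM image should scrub or overwrite before detonation.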