General
Target: c2d5b8b680490b04d485a294096f34001e201a6779e9efc29239e8a062cd6138
Size: 2.8MB
Sample: 240919-2mppaavfnp
MD5: ec3f6c4e16df7c6b6be8c282d4114b50
SHA1: d69573a3684525f5f6eaba8943a558fe37de8be5
SHA256: c2d5b8b680490b04d485a294096f34001e201a6779e9efc29239e8a062cd6138
SHA512: bab283f99a67f381d3fbe1aaeebc116bb6237ec93909bfd0606f9e5bddce4d527e002e5258772e120620739f2e0206b481c68ddee128d216621cef514aa39516
SSDEEP: 49152:J9OonUhLfxiu9+Rfdw/6PoeWt5zQKH4T8VONvugjD:J9Oon2Lfxiu9+Rfdw93t5V4gVOpugjD
Static task: static1
Behavioral task: behavioral1
Sample: c2d5b8b680490b04d485a294096f34001e201a6779e9efc29239e8a062cd6138.exe
Resource: win7-20240903-en
Malware Config
Extracted
stealc
rave
http://185.215.113.103
url_path: /e2b1563c6670f193.php
Targets
Target: c2d5b8b680490b04d485a294096f34001e201a6779e9efc29239e8a062cd6138
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger