General
Target: c7c2fda0027361d7d5544a311da9e36058b845bb4e78c988d533be42edf02138
Size: 1.7MB
Sample: 240919-2mtm8svdja
MD5: 6b3a661f028fcc8fdc9b04f4916b4324
SHA1: a6dd703797a20166df01471163f77cd92aaa0613
SHA256: c7c2fda0027361d7d5544a311da9e36058b845bb4e78c988d533be42edf02138
SHA512: f546382e7c659db6f7c003fe48c88a5498e3bac1ff0320913728c273b415cb70edf89e03fc7eca5bd4df93da8426f2c1e3506780c8523f83ba2f36772a1e5280
SSDEEP: 49152:wxgXJlD/HEIkbBIPeNyncV+izbPtryJl:wyZ6/RGJl
Static task: static1
Behavioral task: behavioral1
Sample: c7c2fda0027361d7d5544a311da9e36058b845bb4e78c988d533be42edf02138.exe
Resource: win7-20240903-en
Malware Config
Extracted
Family: stealc
Botnet: rave
C2: http://185.215.113.103
url_path: /e2b1563c6670f193.php
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger