General
- Target: c9e48c02127272f3f7c009b3e1128a051181cf2f692cd4b4ff0bff5a4c6d8710
- Size: 2.7MB
- Sample: 240919-2myxysvfqk
- MD5: f25ce92339cd1e98afbb262738ff1f87
- SHA1: 6a9cacb1c43683bd99adb09465513fb43c35cef1
- SHA256: c9e48c02127272f3f7c009b3e1128a051181cf2f692cd4b4ff0bff5a4c6d8710
- SHA512: 7259502a8663c6e476779a018af948ea8ca3932ae14733108e244d91fb60d48f4510f5bd622a34dad5ab69f8e9ba9106f510acebceb06cd686ff215846780ce4
- SSDEEP: 49152:/VSfpUY7W9y+ike76tu9XyKnDjCoHKajq6FcT2d4H89rS:dSfpUcW9y+ike76QvdKU2I4H89rS
Static task: static1
Behavioral task: behavioral1
- Sample: c9e48c02127272f3f7c009b3e1128a051181cf2f692cd4b4ff0bff5a4c6d8710.exe
- Resource: win7-20240903-en
Malware Config
Extracted
- stealc
- rave
- http://185.215.113.103
- url_path: /e2b1563c6670f193.php
Targets
- Target: c9e48c02127272f3f7c009b3e1128a051181cf2f692cd4b4ff0bff5a4c6d8710
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger