General
Target: d83419f6ec81684092de2848969729ecc04168f5d75ef08d3369ea12b3d52fa1
Size: 2.7MB
Sample: 240919-2n6n7avglq
MD5: 27cd7550b87cdce809595368ffe1462e
SHA1: 08cf1b9dd15cc492953755783e6014d651e00a4f
SHA256: d83419f6ec81684092de2848969729ecc04168f5d75ef08d3369ea12b3d52fa1
SHA512: 92d1df6e5d921d3b112a2e5716803e6e072360162c00d49922278d912f260b8c5537b4eb3b459a162c481634c03663b596ffd88fe517034fef363aca17798b1a
SSDEEP: 49152:/VSfpUY7W9y+ike76tu9XyKnDjCoHKajq6FcT2d4H89ry:dSfpUcW9y+ike76QvdKU2I4H89ry
Static task: static1
Behavioral task: behavioral1
Sample: d83419f6ec81684092de2848969729ecc04168f5d75ef08d3369ea12b3d52fa1.exe
Resource: win7-20240903-en

Malware Config
Extracted
Family: stealc
Botnet: rave
C2: http://185.215.113.103
url_path: /e2b1563c6670f193.php
Targets
Target: d83419f6ec81684092de2848969729ecc04168f5d75ef08d3369ea12b3d52fa1
Size: 2.7MB
MD5: 27cd7550b87cdce809595368ffe1462e
SHA1: 08cf1b9dd15cc492953755783e6014d651e00a4f
SHA256: d83419f6ec81684092de2848969729ecc04168f5d75ef08d3369ea12b3d52fa1
SHA512: 92d1df6e5d921d3b112a2e5716803e6e072360162c00d49922278d912f260b8c5537b4eb3b459a162c481634c03663b596ffd88fe517034fef363aca17798b1a
SSDEEP: 49152:/VSfpUY7W9y+ike76tu9XyKnDjCoHKajq6FcT2d4H89ry:dSfpUcW9y+ike76QvdKU2I4H89ry
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger