General

Target: da6e17abf92543e7bcaaa82f2aad856b18152f3425d4d5b79c4ba54aac8d988f
Size: 2.7MB
Sample: 240919-2n771svgml
MD5: d18b7f85aacc78d947b0a22c5dbf8659
SHA1: 85e58ba7f92c622069fdb59b723e7dcacaa6b6f9
SHA256: da6e17abf92543e7bcaaa82f2aad856b18152f3425d4d5b79c4ba54aac8d988f
SHA512: c7d7a4d701c7d783d1c3409bf31c3ec86669149729c550fbf64d96b24299b852ba99d7b4acbc04833898eec6fdbaa9938c979b3c96f9ef31409b5b6f497e0e89
SSDEEP: 49152:/VSfpUY7W9y+ike76tu9XyKnDjCoHKajq6FcT2d4H89rf:dSfpUcW9y+ike76QvdKU2I4H89rf
Static task: static1
Behavioral task: behavioral1
Sample: da6e17abf92543e7bcaaa82f2aad856b18152f3425d4d5b79c4ba54aac8d988f.exe
Resource: win7-20240729-en
Malware Config

Extracted
Family: stealc
Botnet: rave
C2: http://185.215.113.103
url_path: /e2b1563c6670f193.php
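The extracted config above gives two concrete network indicators: the C2 host and the gate path. The following is an added example, not part of the sandbox report, showing how to turn them into a check over HTTP proxy or web logs. The one-request-per-line log format and the sample lines are constructed for illustration; only the host and url_path come from the config. It matches on the parsed hostname rather than a substring, so a lookalike hostname containing the IP does not fire.

```python
"""Match HTTP proxy log lines against the Stealc C2 extracted above.

Added example, not part of the sandbox report. The log format (a
simplified "<ts> <client> <method> <url> <status> <bytes>" line) and the
sample lines are constructed; only C2_HOST and C2_PATH come from the
report's extracted config.
"""
import re
from urllib.parse import urlsplit

# Values from the extracted config on this page.
C2_HOST = "185.215.113.103"
C2_PATH = "/e2b1563c6670f193.php"

# Constructed log format: "<ts> <client> <method> <url> <status> <bytes>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<bytes>\d+)$"
)


def classify(line):
    """Return (severity, reason) for one log line, or None if unrelated.

    'high'   : request to the exact C2 host and gate path from the config.
    'medium' : any other request to the C2 host (same infrastructure,
               different path).
    """
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    parts = urlsplit(m["url"])
    # Compare the parsed hostname, not a substring of the raw URL, so that
    # "185.215.113.103.evil.example" or a query string do not cause hits.
    if parts.hostname != C2_HOST:
        return None
    if parts.path == C2_PATH:
        return ("high", f"{m['client']} {m['method']} to Stealc gate {C2_PATH}")
    return ("medium", f"{m['client']} {m['method']} to C2 host, path {parts.path}")


def scan(lines):
    """Return (line_number, severity, reason) for every matching line."""
    return [(i, *hit) for i, line in enumerate(lines, 1) if (hit := classify(line))]


# Constructed sample log: one benign request, a beacon to the gate, a
# second request to the same host, a lookalike host, and a malformed line.
SAMPLE_LOG = [
    "2024-09-19T11:02:11Z 10.0.0.15 GET http://example.com/index.html 200 5123",
    "2024-09-19T11:02:14Z 10.0.0.15 POST http://185.215.113.103/e2b1563c6670f193.php 200 412",
    "2024-09-19T11:02:15Z 10.0.0.15 GET http://185.215.113.103/update.bin 200 1180672",
    "2024-09-19T11:02:16Z 10.0.0.22 GET http://185.215.113.103.evil.example/ 200 10",
    "garbage line",
]

if __name__ == "__main__":
    for lineno, severity, reason in scan(SAMPLE_LOG):
        print(f"line {lineno} [{severity}] {reason}")
```

Only lines 2 and 3 of the constructed log are reported; the lookalike hostname on line 4 is ignored because the comparison is on the parsed host. Adapt `LOG_RE` to the real log format before running this over production logs.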
Targets

Target: da6e17abf92543e7bcaaa82f2aad856b18152f3425d4d5b79c4ba54aac8d988f
Size: 2.7MB
MD5: d18b7f85aacc78d947b0a22c5dbf8659
SHA1: 85e58ba7f92c622069fdb59b723e7dcacaa6b6f9
SHA256: da6e17abf92543e7bcaaa82f2aad856b18152f3425d4d5b79c4ba54aac8d988f
SHA512: c7d7a4d701c7d783d1c3409bf31c3ec86669149729c550fbf64d96b24299b852ba99d7b4acbc04833898eec6fdbaa9938c979b3c96f9ef31409b5b6f497e0e89
SSDEEP: 49152:/VSfpUY7W9y+ike76tu9XyKnDjCoHKajq6FcT2d4H89rf:dSfpUcW9y+ike76QvdKU2I4H89rf
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger
Setting ThreadHideFromDebugger on a thread stops an attached debugger from receiving that thread's debug events, a common anti-debugging step.
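The three registry-based signatures above all point at the same question for an analyst: does my own sandbox expose these artifacts? The following is an added example, not the report's or the sample's code. The registry paths are well-known VirtualBox, BIOS and Wine tells used by anti-VM checks in general; the report does not name the exact keys this sample reads, so treat the list as a sandbox hygiene checklist rather than as this sample's logic. The two snapshots are constructed; the live reader uses the standard `winreg` module and only runs on Windows.

```python
"""Check a Windows host (or a registry snapshot) for VM/Wine/BIOS artifacts
of the kind the report's registry signatures refer to.

Added example, not part of the sandbox report. The paths below are
commonly used anti-VM tells (assumption: the signatures refer to keys of
this kind; the report does not list the exact keys the sample reads).
"""
import sys

# Keys whose mere existence is a tell.
ARTIFACT_KEYS = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": "VirtualBox ACPI DSDT table",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__": "VirtualBox ACPI FADT table",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__": "VirtualBox ACPI RSDT table",
    r"HKCU\Software\Wine": "Wine configuration key",
    r"HKLM\Software\Wine": "Wine configuration key",
}

# Values whose contents are inspected for hypervisor vendor strings.
BIOS_VALUES = (
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName",
)
VENDOR_STRINGS = ("vbox", "virtualbox", "innotek", "vmware", "qemu", "bochs")


def find_artifacts(snapshot):
    """snapshot maps a full registry path to its value (None for a key that
    exists but carries no value of interest). Returns (path, reason) pairs."""
    findings = []
    for key, what in ARTIFACT_KEYS.items():
        if key in snapshot:
            findings.append((key, what))
    for path in BIOS_VALUES:
        raw = snapshot.get(path)
        if raw is None:
            continue
        # REG_MULTI_SZ values come back as lists; join them for matching.
        text = " ".join(raw) if isinstance(raw, (list, tuple)) else str(raw)
        hit = next((v for v in VENDOR_STRINGS if v in text.lower()), None)
        if hit:
            findings.append((path, f"BIOS string contains {hit!r}: {text}"))
    return findings


def live_snapshot():
    """Read the paths above from the local registry (Windows only)."""
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap = {}
    for key in ARTIFACT_KEYS:
        hive, _, sub = key.partition("\\")
        try:
            with winreg.OpenKey(hives[hive], sub):
                snap[key] = None          # exists; presence alone is the tell
        except OSError:
            pass
    for path in BIOS_VALUES:
        hive, _, rest = path.partition("\\")
        sub, _, name = rest.rpartition("\\")
        try:
            with winreg.OpenKey(hives[hive], sub) as k:
                snap[path], _ = winreg.QueryValueEx(k, name)
        except OSError:
            pass
    return snap


# Constructed snapshot resembling an unhardened VirtualBox guest.
SAMPLE_SNAPSHOT = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": None,
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion": ["VBOX   - 1"],
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion": ["Oracle VM VirtualBox Version 6.1"],
}
# Constructed snapshot resembling a physical host.
CLEAN_SNAPSHOT = {
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion": ["DELL   - 1072009"],
}

if __name__ == "__main__":
    snap = live_snapshot() if sys.platform == "win32" else SAMPLE_SNAPSHOT
    for path, reason in find_artifacts(snap):
        print(f"{path}: {reason}")
```

Run it inside the analysis VM: every finding is an artifact the guest should hide (renamed ACPI table OEM IDs, patched DMI/BIOS strings) before detonating samples that carry these checks. A clean result does not prove the sandbox is invisible, since the list covers only registry-visible tells and not CPUID, timing or device checks.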