General

Target: e2a1770da6d6838de2454af91092c33eb7f2c933617422826e2a15240f967266
Size: 1.7MB
Sample: 240919-2prawsvgpl
MD5: 087b03122f2a7c24af29a7c3e574fa39
SHA1: c15df128fdfa9e29dab7c6a272db1e5dbf4f4f7c
SHA256: e2a1770da6d6838de2454af91092c33eb7f2c933617422826e2a15240f967266
SHA512: edbb50946cf8ea8f1fd401556a390901f4e4c4114ef9097a1e8e44a9c29452894a1541085037f5098a8395d9097cff0c56869b6637c53f4bd3c9482fef725d5a
SSDEEP: 49152:nLYA3FJsKdtYvFqAcHuQ/mRUJijsYvWW:n/AKLYF1ekRrW
Static task: static1
Behavioral task: behavioral1
  Sample: e2a1770da6d6838de2454af91092c33eb7f2c933617422826e2a15240f967266.exe
  Resource: win7-20240708-en (Windows 7, English-language analysis image)
Malware Config

Extracted
Family: stealc
Botnet: rave
C2: http://185.215.113.103
url_path: /e2b1563c6670f193.php

The C2 gate the sample reports to is the url_path appended to the C2 host, i.e. http://185.215.113.103/e2b1563c6670f193.php; both the IP and the .php path are usable as network indicators.
Targets

Target: e2a1770da6d6838de2454af91092c33eb7f2c933617422826e2a15240f967266 (1.7MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)

Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox stamps its ACPI tables with its own OEM identifier, and those tables are exposed under the HARDWARE\ACPI registry hive; reading them is a common way to detect a VirtualBox guest.

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments, since virtualised hosts typically report a hypervisor vendor in their BIOS strings.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) detaches the calling thread from an attached debugger, so the debugger no longer receives its exceptions and events. This is a common anti-debugging technique rather than something a legitimate application usually needs.
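As an added example (not from the report and not any sandbox vendor's own code), the following Python shows how the four behavioural signatures above can be derived from an API-call trace of the kind a sandbox records. The trace line format, the exact registry paths and the two benign control calls are constructed assumptions: the report names the checks but not the keys or the call sequence.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# ThreadInformationClass value passed to NtSetInformationThread to detach a thread
# from its debugger (ThreadHideFromDebugger). This is the documented Windows constant.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry locations these checks usually touch. The report names the checks but not
# the exact keys, so the paths below are assumptions chosen for the example.
ACPI_TABLE_KEYS = (r"HARDWARE\ACPI\DSDT", r"HARDWARE\ACPI\FADT", r"HARDWARE\ACPI\RSDT")
BIOS_KEY = r"HARDWARE\DESCRIPTION\SYSTEM"
BIOS_VALUE_NAMES = ("SYSTEMBIOSVERSION", "VIDEOBIOSVERSION", "SYSTEMBIOSDATE")
WINE_KEY = r"SOFTWARE\WINE"
REGISTRY_READ_APIS = {
    "RegOpenKeyExA", "RegOpenKeyExW", "RegQueryValueExA", "RegQueryValueExW",
    "RegEnumKeyExW", "NtOpenKey", "NtQueryValueKey",
}


@dataclass
class ApiCall:
    api: str
    args: Dict[str, object]

    def regpath(self) -> str:
        """Key and value name joined into one upper-cased path for substring matching."""
        parts = [str(self.args[k]) for k in ("key", "value") if k in self.args]
        return "\\".join(parts).upper()


# Trace line format assumed for the example: API name, then name=value pairs where
# strings are double-quoted and integers are decimal or 0x-prefixed hex.
ARG_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(0x[0-9a-fA-F]+|\d+))')


def parse_trace(text: str) -> List[ApiCall]:
    calls = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        api, _, rest = line.partition(" ")
        args = {}
        for name, s, n in ARG_RE.findall(rest):
            args[name] = int(n, 0) if n else s
        calls.append(ApiCall(api, args))
    return calls


def sig_vbox_acpi(call: ApiCall) -> bool:
    """VirtualBox stamps its ACPI tables with the VBOX__ OEM ID, visible as a subkey."""
    p = call.regpath()
    return call.api in REGISTRY_READ_APIS and any(k in p for k in ACPI_TABLE_KEYS) and "VBOX" in p


def sig_bios_registry(call: ApiCall) -> bool:
    """Fires on the read itself; the comparison of the returned string against vendor
    markers happens inside the sample and is not visible in a call trace."""
    p = call.regpath()
    return call.api in REGISTRY_READ_APIS and BIOS_KEY in p and p.endswith(BIOS_VALUE_NAMES)


def sig_wine(call: ApiCall) -> bool:
    return call.api in REGISTRY_READ_APIS and WINE_KEY in call.regpath()


def sig_hide_from_debugger(call: ApiCall) -> bool:
    return (call.api == "NtSetInformationThread"
            and call.args.get("information_class") == THREAD_HIDE_FROM_DEBUGGER)


SIGNATURES: List[Tuple[str, Callable[[ApiCall], bool]]] = [
    ("Identifies VirtualBox via ACPI registry values", sig_vbox_acpi),
    ("Checks BIOS information in registry", sig_bios_registry),
    ("Identifies Wine through registry keys", sig_wine),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", sig_hide_from_debugger),
]


def run_signatures(calls: List[ApiCall]) -> Dict[str, List[int]]:
    """Map each signature name to the indices of the trace calls that triggered it."""
    hits: Dict[str, List[int]] = {}
    for i, call in enumerate(calls):
        for name, match in SIGNATURES:
            if match(call):
                hits.setdefault(name, []).append(i)
    return hits


# Constructed trace: the four anti-analysis calls plus two benign calls that must not
# match (an ordinary version lookup and NtSetInformationThread with ThreadPriority).
SAMPLE_TRACE = r"""
RegOpenKeyExW key="HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__"
RegQueryValueExW key="HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System" value="SystemBiosVersion"
RegOpenKeyExW key="HKEY_CURRENT_USER\Software\Wine"
NtSetInformationThread handle=0xfffffffe information_class=0x11
RegQueryValueExW key="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" value="ProductName"
NtSetInformationThread handle=0xfffffffe information_class=0x2
"""

if __name__ == "__main__":
    for name, where in run_signatures(parse_trace(SAMPLE_TRACE)).items():
        print(f"{name}: call(s) {where}")
```

The matchers key on the registry read or the information class, not on what the sample does with the result, which is exactly why the report labels the ACPI check "likely anti-VM": the trace shows the query, and the vendor-string comparison that follows stays inside the binary.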