General
  Target: e4f21df67f53b015398579b25cf7b5ce873d94522f7c6c8fced82673d135fac6
  Size: 1.7MB
  Sample: 240919-2pzx2avgqm
  MD5: f99bff62e7442175697c5b103a993298
  SHA1: 59a81d48e50a8ea2c55cf7ae56d0de9c379972f2
  SHA256: e4f21df67f53b015398579b25cf7b5ce873d94522f7c6c8fced82673d135fac6
  SHA512: b14f226b58dee1054382377f4891e0f41a29babf721888dd46c304e3badc07eef6f530f041651249a85d4b1c007789fef4a9a684f140f3bbf7359e9212c1ecfb
  SSDEEP: 24576:80xMki4tLX0b9uaDrZubTY5h1VBWOjwvO5j0aelRr9K5UOa7T9nXCQbHVm+bs4qQ:4mq9u7bT2vk25Ab/r9EUO4Tl1LV
Static task: static1
Behavioral task: behavioral1
  Sample: e4f21df67f53b015398579b25cf7b5ce873d94522f7c6c8fced82673d135fac6.exe
  Resource: win7-20240708-en
Malware Config
Extracted:
  Family: stealc
  Botnet: rave
  C2: http://185.215.113.103
  url_path: /e2b1563c6670f193.php
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger