General
- Target: faef4bc7989a00149e2887aa56e5048660a14a378991c90f9fdefae3fc9f5648
- Size: 2.8MB
- Sample: 240919-2qphpavepb
- MD5: 3ba078e419e673eef5c1df9dcd056a32
- SHA1: 490b75c77d6352df546a36452b3ace87d5c12191
- SHA256: faef4bc7989a00149e2887aa56e5048660a14a378991c90f9fdefae3fc9f5648
- SHA512: 1dc87b3434f9a1650cce1220f2c929ead098faec6a6130bae5e3852213dd3c55302a94f75ca716edf1ae74dd2c8f0f37f7a701ed11ae3c93d6d0c85c1add9063
- SSDEEP: 49152:J9OonUhLfxiu9+Rfdw/6PoeWt5zQKH4T8VONvugjp:J9Oon2Lfxiu9+Rfdw93t5V4gVOpugjp
Static task
- static1

Behavioral task
- behavioral1
- Sample: faef4bc7989a00149e2887aa56e5048660a14a378991c90f9fdefae3fc9f5648.exe
- Resource: win7-20240704-en
Malware Config
Extracted
- Family: stealc
- Botnet: rave
- C2: http://185.215.113.103
- url_path: /e2b1563c6670f193.php
Targets
- Target: faef4bc7989a00149e2887aa56e5048660a14a378991c90f9fdefae3fc9f5648
- Size: 2.8MB
- MD5: 3ba078e419e673eef5c1df9dcd056a32
- SHA1: 490b75c77d6352df546a36452b3ace87d5c12191
- SHA256: faef4bc7989a00149e2887aa56e5048660a14a378991c90f9fdefae3fc9f5648
- SHA512: 1dc87b3434f9a1650cce1220f2c929ead098faec6a6130bae5e3852213dd3c55302a94f75ca716edf1ae74dd2c8f0f37f7a701ed11ae3c93d6d0c85c1add9063
- SSDEEP: 49152:J9OonUhLfxiu9+Rfdw/6PoeWt5zQKH4T8VONvugjp:J9Oon2Lfxiu9+Rfdw93t5V4gVOpugjp
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThread with ThreadHideFromDebugger