General
-
Target
fba6d07409c562e949bd1c358ebc0c07d87809f916c80f27d8751a2a11168d64
-
Size
2.7MB
-
Sample
240919-2qrytavhkm
-
MD5
13462194caa0d7be3d89a5a6309682a5
-
SHA1
1e26ca15511b9229cb9e6f4fce1641ad6435b4a4
-
SHA256
fba6d07409c562e949bd1c358ebc0c07d87809f916c80f27d8751a2a11168d64
-
SHA512
d4d127c1723325d842a165075844f39bd817341eed4ea6f0d840d370eda28f19b1b366c1562e3c8fad7a9ae1432f6b7bd6ac0cc33f781693ae27fc9d92e439bc
-
SSDEEP
49152:/VSfpUY7W9y+ike76tu9XyKnDjCoHKajq6FcT2d4H89rN:dSfpUcW9y+ike76QvdKU2I4H89rN
Static task
static1
Behavioral task
behavioral1
Sample
fba6d07409c562e949bd1c358ebc0c07d87809f916c80f27d8751a2a11168d64.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
rave
http://185.215.113.103
-
url_path
/e2b1563c6670f193.php
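The extracted configuration above gives the C2 host and the gate path separately. The following added example (not part of the sandbox report or the Stealc code base) joins them into the full gate URL and matches it against proxy log lines; the log format is a constructed, squid-like "timestamp client method url status" layout chosen for illustration, and the IPs and timestamps in it are made up. It distinguishes a full gate hit from a bare host hit and from the same gate path on an unknown host, since a rehosted panel would keep the path but change the address.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Config values as shown in the report's Malware Config section.
STEALC_CONFIG = {
    "family": "stealc",
    "botnet": "rave",
    "c2": "http://185.215.113.103",
    "url_path": "/e2b1563c6670f193.php",
}


def gate_url(config):
    """Join the extracted C2 host and gate path into one normalized URL."""
    parts = urlsplit(config["c2"])
    path = config["url_path"]
    if not path.startswith("/"):
        path = "/" + path
    return urlunsplit((parts.scheme or "http", parts.netloc, path, "", ""))


# Constructed proxy log lines (not from the report). Hypothetical format:
#   <timestamp> <client_ip> <method> <url> <status>
SAMPLE_PROXY_LOG = """\
1726786800.123 10.0.0.15 GET http://www.example.com/ 200
1726786801.456 10.0.0.15 POST http://185.215.113.103/e2b1563c6670f193.php 200
1726786802.789 10.0.0.22 GET http://185.215.113.103/ 404
1726786803.000 10.0.0.31 POST http://185.215.113.103:80/e2b1563c6670f193.php 200
1726786804.111 10.0.0.40 GET http://other.invalid/e2b1563c6670f193.php 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


def classify_request(url, config):
    """Return 'gate' (host and path match), 'host' (C2 address only),
    'path' (gate path on another host) or None."""
    want = urlsplit(gate_url(config))
    got = urlsplit(url)
    # .hostname drops an explicit port, so host:80 still matches.
    host_match = got.hostname == want.hostname
    path_match = got.path == want.path
    if host_match and path_match:
        return "gate"
    if host_match:
        return "host"
    if path_match:
        return "path"
    return None


def scan_proxy_log(text, config):
    """Return (client, method, verdict) for every line that touches the C2."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify_request(m["url"], config)
        if verdict:
            hits.append((m["client"], m["method"], verdict))
    return hits


if __name__ == "__main__":
    print(gate_url(STEALC_CONFIG))
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG, STEALC_CONFIG):
        print(hit)
```

A bare host hit is still worth escalating: the same address can serve more than one gate path, and a 404 on `/` says nothing about whether the client later posted to the real gate.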
Targets
-
Target
fba6d07409c562e949bd1c358ebc0c07d87809f916c80f27d8751a2a11168d64
-
Size
2.7MB
-
MD5
13462194caa0d7be3d89a5a6309682a5
-
SHA1
1e26ca15511b9229cb9e6f4fce1641ad6435b4a4
-
SHA256
fba6d07409c562e949bd1c358ebc0c07d87809f916c80f27d8751a2a11168d64
-
SHA512
d4d127c1723325d842a165075844f39bd817341eed4ea6f0d840d370eda28f19b1b366c1562e3c8fad7a9ae1432f6b7bd6ac0cc33f781693ae27fc9d92e439bc
-
SSDEEP
49152:/VSfpUY7W9y+ike76tu9XyKnDjCoHKajq6FcT2d4H89rN:dSfpUcW9y+ike76QvdKU2I4H89rN
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the thread from reporting debug events, so breakpoints and exceptions in it no longer reach an attached debugger; this is a common anti-debugging technique.
-
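The four behavioural signatures above all reduce to specific registry paths, value names and one thread-information class. The following added example (not the sandbox's own signature engine) encodes them as rules and runs them over a constructed API trace; the pipe-separated "api|arg|arg" trace format is hypothetical, chosen for illustration, and the events in it are made up to exercise each rule once or twice. The registry locations used (the VBOX__ ACPI tables under HKLM\HARDWARE\ACPI, the BIOS values under HKLM\HARDWARE\DESCRIPTION\System, and Software\Wine) are the well-known ones these checks read.

```python
import re
from collections import Counter

# ThreadInformationClass value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Rule id -> signature name as it appears in the report.
SIGNATURES = {
    "vbox_acpi": "Identifies VirtualBox via ACPI registry values (likely anti-VM)",
    "bios_registry": "Checks BIOS information in registry",
    "wine_registry": "Identifies Wine through registry keys",
    "hide_from_debugger": "Suspicious use of NtSetInformationThreadHideFromDebugger",
}

# VirtualBox tags its ACPI tables with the OEM id VBOX__.
VBOX_ACPI_RE = re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
# BIOS strings that sandboxes and VMs usually leave recognisable.
BIOS_KEY_RE = re.compile(r"\\HARDWARE\\DESCRIPTION\\System$", re.I)
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate"}
# Wine creates Software\Wine under HKCU and HKLM.
WINE_KEY_RE = re.compile(r"\\Software\\Wine(\\|$)", re.I)
CLASS_RE = re.compile(r"ThreadInformationClass=(0x[0-9a-f]+|\d+)", re.I)

# Constructed API trace (hypothetical format, not the sandbox's own):
#   <api>|<arg1>|<arg2>...
SAMPLE_TRACE = r"""
RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RegOpenKeyExW|HKLM\HARDWARE\ACPI\DSDT\VBOX__
RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System|SystemBiosVersion
RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System|VideoBiosVersion
RegOpenKeyExW|HKCU\Software\Wine
NtSetInformationThread|ThreadInformationClass=0x11
NtSetInformationThread|ThreadInformationClass=0x02
"""


def _parse_int(text):
    """Accept the class either as hex (0x11) or decimal (17)."""
    return int(text, 16) if text.lower().startswith("0x") else int(text, 10)


def match_event(api, args):
    """Return the rule id a single API event triggers, or None."""
    if api.startswith("Reg") and args:
        key = args[0]
        if VBOX_ACPI_RE.search(key):
            return "vbox_acpi"
        if BIOS_KEY_RE.search(key) and len(args) > 1 and args[1].lower() in BIOS_VALUES:
            return "bios_registry"
        if WINE_KEY_RE.search(key):
            return "wine_registry"
    elif api == "NtSetInformationThread" and args:
        m = CLASS_RE.search(args[0])
        if m and _parse_int(m.group(1)) == THREAD_HIDE_FROM_DEBUGGER:
            return "hide_from_debugger"
    return None


def scan_trace(text):
    """Count how many events in the trace trigger each rule."""
    hits = Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        api, *args = line.split("|")
        rule = match_event(api, args)
        if rule:
            hits[rule] += 1
    return dict(hits)


def report(hits):
    """Signature names, in report order, for the rules that fired."""
    return [SIGNATURES[rule] for rule in SIGNATURES if rule in hits]


if __name__ == "__main__":
    fired = scan_trace(SAMPLE_TRACE)
    for name in report(fired):
        print(name)
```

Reading the BIOS values is also done by legitimate installers and inventory tools, so on its own that rule is a weak signal; the combination with the VBOX__ ACPI lookup, the Wine key and ThreadHideFromDebugger in one process is what makes the sample's intent clear.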