General
Target: file.exe
Size: 2.8MB
Sample: 240920-l6sbhs1eqj
MD5: 59d3c029c61d7c331721331502d8dee9
SHA1: b312b81ff9304f7a6f8bd5f06a4c61a2f58ef5b2
SHA256: c64266d6dfa4084e229627d96fabb3da3dab219fdc3ddc349a1d68a1e610681b
SHA512: be8914573e51a2ff1c4e15d517bf3be1314877c416f23bcb43b69bb6afb2876ddedb31671cdf6bdb3b09e644bc0e362c267aa9adadb9d8f72166232f379f8c71
SSDEEP: 49152:znkAtdeJ/vwjbGlAMKoHSJipCRQZTsW2ppP/uHB2:QAtdeJ/vwj6lfLHSJyCuMpP/4A
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240704-en
Malware Config
Extracted: stealc
Botnet: rave
C2: http://185.215.113.103
url_path: /e2b1563c6670f193.php
Targets
Target: file.exe (same size and hashes as listed under General)
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (4)
    Credentials In Files (4)