General
-
Target
366da4e5402c25e8e3933ffad812403613c8386d92df8186db889496e0ee5599.exe
-
Size
2.8MB
-
Sample
240920-q7tyyszcna
-
MD5
2eb70ea6989f3cb1763ffef0d851d05b
-
SHA1
c69538e1147dc754dffa6cf98e7d3ac9ce73eae5
-
SHA256
366da4e5402c25e8e3933ffad812403613c8386d92df8186db889496e0ee5599
-
SHA512
23b4679ccfa152ee5cf1b7de420a9da6a2ff0f13d75064c7dbd92111f6f30b81072b1f9136910c20b3f13e5a163ec7847aae01f3ebe9cb38758039f82f3d9f9d
-
SSDEEP
49152:aR2RFy+OUY48H0R8mDxwEincrs8yYz1Ucl:aoFy+O48H0RtwZ18yOD
Static task
static1
Behavioral task
behavioral1
Sample
366da4e5402c25e8e3933ffad812403613c8386d92df8186db889496e0ee5599.exe
Resource
win7-20240704-en
Malware Config
Extracted
stealc
rave
http://185.215.113.103
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
366da4e5402c25e8e3933ffad812403613c8386d92df8186db889496e0ee5599.exe
-
Size
2.8MB
-
MD5
2eb70ea6989f3cb1763ffef0d851d05b
-
SHA1
c69538e1147dc754dffa6cf98e7d3ac9ce73eae5
-
SHA256
366da4e5402c25e8e3933ffad812403613c8386d92df8186db889496e0ee5599
-
SHA512
23b4679ccfa152ee5cf1b7de420a9da6a2ff0f13d75064c7dbd92111f6f30b81072b1f9136910c20b3f13e5a163ec7847aae01f3ebe9cb38758039f82f3d9f9d
-
SSDEEP
49152:aR2RFy+OUY48H0R8mDxwEincrs8yYz1Ucl:aoFy+O48H0RtwZ18yOD
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-