General
- Target: 279887d41feda1e7073ce3b07ddea1a3e56008b8271f4bb6d33ea07046311386.exe
- Size: 2.8MB
- Sample: 240920-q9mmnazgkk
- MD5: a27dc7b161d6882d6d404b8396f653b3
- SHA1: 4d2e8b39d153ffd39d20505c71c5e35799e202aa
- SHA256: 279887d41feda1e7073ce3b07ddea1a3e56008b8271f4bb6d33ea07046311386
- SHA512: 77cd1db54cb97a6e8291448604f72046e6beb8c6643de547ccf79cb1599416a66799f4df2a9e0746ab9b3ccaa64d7795d373beb4b982487f5a627dc81bc2fad4
- SSDEEP: 49152:8BFIGzl11KmxmcZMqg9JpjRTmd/v9yKBESoE0V4:wIGR11KmxmcZVgrpgd/v9HESWV4
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 279887d41feda1e7073ce3b07ddea1a3e56008b8271f4bb6d33ea07046311386.exe
  - Resource: win7-20240903-en
Malware Config
Extracted
- stealc
- rave
- http://185.215.113.103
- url_path: /e2b1563c6670f193.php
Targets
- Target: 279887d41feda1e7073ce3b07ddea1a3e56008b8271f4bb6d33ea07046311386.exe
- Size: 2.8MB
- MD5: a27dc7b161d6882d6d404b8396f653b3
- SHA1: 4d2e8b39d153ffd39d20505c71c5e35799e202aa
- SHA256: 279887d41feda1e7073ce3b07ddea1a3e56008b8271f4bb6d33ea07046311386
- SHA512: 77cd1db54cb97a6e8291448604f72046e6beb8c6643de547ccf79cb1599416a66799f4df2a9e0746ab9b3ccaa64d7795d373beb4b982487f5a627dc81bc2fad4
- SSDEEP: 49152:8BFIGzl11KmxmcZMqg9JpjRTmd/v9yKBESoE0V4:wIGR11KmxmcZVgrpgd/v9HESWV4
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger