General
  Target: file.exe
  Size: 2.8MB
  Sample: 240920-ql86raybne
  MD5: 6d3bad951056981146f8c2cb7bf0e2a3
  SHA1: e6816e4957b7a988091d875f78b634f2642e29fd
  SHA256: 38e8f61179f74a4af9a419157f5cba8cfb8c2a82afa409e6c60c0a0d5a143ac5
  SHA512: 56b5ce5a9ad77a3aa480b43a2317391a6db184077a63f5b506c73cef791ae9e688b9d6728f2b965745431fad57a35d8b89baf1040acc6e3ce0b512e7b23bfe91
  SSDEEP: 49152:64UKZ8U7cEsNiKgCbH1kiQLPy9wx+bKgLqxVdkBZ:sKZ8U7cEANgCbH1khLPIwx+egmFkj
Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20240708-en
Malware Config
  Extracted:
    stealc
    rave
    http://185.215.113.103
      url_path: /e2b1563c6670f193.php
Targets
  Target: file.exe
  Size: 2.8MB
  MD5: 6d3bad951056981146f8c2cb7bf0e2a3
  SHA1: e6816e4957b7a988091d875f78b634f2642e29fd
  SHA256: 38e8f61179f74a4af9a419157f5cba8cfb8c2a82afa409e6c60c0a0d5a143ac5
  SHA512: 56b5ce5a9ad77a3aa480b43a2317391a6db184077a63f5b506c73cef791ae9e688b9d6728f2b965745431fad57a35d8b89baf1040acc6e3ce0b512e7b23bfe91
  SSDEEP: 49152:64UKZ8U7cEsNiKgCbH1kiQLPy9wx+bKgLqxVdkBZ:sKZ8U7cEANgCbH1khLPIwx+egmFkj

  Signatures:
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
  - Identifies Wine through registry keys
    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
  - Suspicious use of NtSetInformationThreadHideFromDebugger