General
Target: 42b182126de4da3682a1d5c53cc7352b53305085de4f68d9d87b060751a090a7.exe
Size: 2.8MB
Sample: 240920-qpljvsyfqj
MD5: 83bb3a5722be86a8de2c8ee8f5475914
SHA1: f63a054ef8088f3f7bd10300480b46735c52a269
SHA256: 42b182126de4da3682a1d5c53cc7352b53305085de4f68d9d87b060751a090a7
SHA512: 9d26355981b3794b59c72f58b08110a771f6e8622db3603e6974c4cec40a0387585e459d81ef14d9b5e3f56c9561787c2055c1d790c21cd73d763a29eb5528d5
SSDEEP: 49152:bnxCMZwRLeNaNhfI4dek+w7K/fGTWnIm5:bncMSleNaNhQ4d3XcGTWIm5
Static task: static1
Behavioral task: behavioral1
Sample: 42b182126de4da3682a1d5c53cc7352b53305085de4f68d9d87b060751a090a7.exe
Resource: win7-20240903-en
Malware Config
Extracted
stealc
rave
http://185.215.113.103
url_path: /e2b1563c6670f193.php
Targets
Target: 42b182126de4da3682a1d5c53cc7352b53305085de4f68d9d87b060751a090a7.exe
Size: 2.8MB
MD5: 83bb3a5722be86a8de2c8ee8f5475914
SHA1: f63a054ef8088f3f7bd10300480b46735c52a269
SHA256: 42b182126de4da3682a1d5c53cc7352b53305085de4f68d9d87b060751a090a7
SHA512: 9d26355981b3794b59c72f58b08110a771f6e8622db3603e6974c4cec40a0387585e459d81ef14d9b5e3f56c9561787c2055c1d790c21cd73d763a29eb5528d5
SSDEEP: 49152:bnxCMZwRLeNaNhfI4dek+w7K/fGTWnIm5:bncMSleNaNhQ4d3XcGTWIm5
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger