General
-
Target
549b030ceb0ca5a4b7c39aa12de1302bf79f245e4b8f7e6023be233f066ad1df.exe
-
Size
2.7MB
-
Sample
240920-rtjfqs1gmk
-
MD5
3b62243715bd7937e90ad9be6bfd6645
-
SHA1
344daa734c57bcf55071e72b1b531abe5e6e953a
-
SHA256
549b030ceb0ca5a4b7c39aa12de1302bf79f245e4b8f7e6023be233f066ad1df
-
SHA512
5dc740ed89b369209d04310d106caaca9a620ad066055ca69ba8f927237cb5fefb85ba448b6fb0216938fe7003fb29ced4f40e84daf57a73be1f8d0223c8a0ec
-
SSDEEP
24576:WzSFDpnxQPoxAkGgeIJ7zetCUz4ExUQH6a+GUV97/1jbJpypA/qJLZaJBByP0bM2:vpnCHuJfpJNFjPjwLkHk8oWtyFiW43x
Static task
static1
Behavioral task
behavioral1
Sample
549b030ceb0ca5a4b7c39aa12de1302bf79f245e4b8f7e6023be233f066ad1df.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
rave
http://185.215.113.103
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
549b030ceb0ca5a4b7c39aa12de1302bf79f245e4b8f7e6023be233f066ad1df.exe
-
Size
2.7MB
-
MD5
3b62243715bd7937e90ad9be6bfd6645
-
SHA1
344daa734c57bcf55071e72b1b531abe5e6e953a
-
SHA256
549b030ceb0ca5a4b7c39aa12de1302bf79f245e4b8f7e6023be233f066ad1df
-
SHA512
5dc740ed89b369209d04310d106caaca9a620ad066055ca69ba8f927237cb5fefb85ba448b6fb0216938fe7003fb29ced4f40e84daf57a73be1f8d0223c8a0ec
-
SSDEEP
24576:WzSFDpnxQPoxAkGgeIJ7zetCUz4ExUQH6a+GUV97/1jbJpypA/qJLZaJBByP0bM2:vpnCHuJfpJNFjPjwLkHk8oWtyFiW43x
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-