General
-
Target
8e4e9d304d59f9b976519fbe19054c1b69603ba5923c64375b890c0aca6edff9.exe
-
Size
2.7MB
-
Sample
240920-sbm7mssgjn
-
MD5
65c891433ccfcc618f803149c1bc15b2
-
SHA1
69bee79f389290eed2a8256cd62adf95c4c6fa03
-
SHA256
8e4e9d304d59f9b976519fbe19054c1b69603ba5923c64375b890c0aca6edff9
-
SHA512
c16c5116244dafb0ac1f4e8a4ecf9c90dc7c11bcbcb6bc523c544004d7a7a76376adf1ab9d48ff500b0f3671bc073f73af3f5a44d8b08435660e060f555ea181
-
SSDEEP
49152:/VSfpUY7W9y+ike76tu9XyKnDjCoHKajq6FcT2d4H89rb:dSfpUcW9y+ike76QvdKU2I4H89rb
Static task
static1
Behavioral task
behavioral1
Sample
8e4e9d304d59f9b976519fbe19054c1b69603ba5923c64375b890c0aca6edff9.exe
Resource
win7-20240729-en
Malware Config
Extracted
stealc
rave
http://185.215.113.103
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
8e4e9d304d59f9b976519fbe19054c1b69603ba5923c64375b890c0aca6edff9.exe
-
Size
2.7MB
-
MD5
65c891433ccfcc618f803149c1bc15b2
-
SHA1
69bee79f389290eed2a8256cd62adf95c4c6fa03
-
SHA256
8e4e9d304d59f9b976519fbe19054c1b69603ba5923c64375b890c0aca6edff9
-
SHA512
c16c5116244dafb0ac1f4e8a4ecf9c90dc7c11bcbcb6bc523c544004d7a7a76376adf1ab9d48ff500b0f3671bc073f73af3f5a44d8b08435660e060f555ea181
-
SSDEEP
49152:/VSfpUY7W9y+ike76tu9XyKnDjCoHKajq6FcT2d4H89rb:dSfpUcW9y+ike76QvdKU2I4H89rb
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-