General
-
Target
b7f3a24f27cbb728ce871f1437eac40ce4dcb77c3357687b92b8b8248b81d6e5.exe
-
Size
2.7MB
-
Sample
240920-tkd6rsvhlr
-
MD5
78367a96d5fa6b7e8e89a777a28b0735
-
SHA1
3be92b5ee229a50485b336dbcdb302180f8f17c4
-
SHA256
b7f3a24f27cbb728ce871f1437eac40ce4dcb77c3357687b92b8b8248b81d6e5
-
SHA512
1906ad20730f4bd32de43a77ddbe55cbb120832d0ccacc5d243701ad719c833b4f97aec5c2b551ceec1d13d859cb03ed55451f02e5c207cadbb57a6797fc70d7
-
SSDEEP
24576:WzSFDpnxQPoxAkGgeIJ7zetCUz4ExUQH6a+GUV97/1jbJpypA/qJLZaJBByP0bM4:vpnCHuJfpJNFjPjwLkHk8oWtyFiW43n
Static task
static1
Behavioral task
behavioral1
Sample
b7f3a24f27cbb728ce871f1437eac40ce4dcb77c3357687b92b8b8248b81d6e5.exe
Resource
win7-20240708-en
Malware Config
Extracted
stealc
rave
http://185.215.113.103
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
b7f3a24f27cbb728ce871f1437eac40ce4dcb77c3357687b92b8b8248b81d6e5.exe
-
Size
2.7MB
-
MD5
78367a96d5fa6b7e8e89a777a28b0735
-
SHA1
3be92b5ee229a50485b336dbcdb302180f8f17c4
-
SHA256
b7f3a24f27cbb728ce871f1437eac40ce4dcb77c3357687b92b8b8248b81d6e5
-
SHA512
1906ad20730f4bd32de43a77ddbe55cbb120832d0ccacc5d243701ad719c833b4f97aec5c2b551ceec1d13d859cb03ed55451f02e5c207cadbb57a6797fc70d7
-
SSDEEP
24576:WzSFDpnxQPoxAkGgeIJ7zetCUz4ExUQH6a+GUV97/1jbJpypA/qJLZaJBByP0bM4:vpnCHuJfpJNFjPjwLkHk8oWtyFiW43n
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-