General

Target: 6092d85d3ed1b860c09f8614d0991349cda56a652a6ef825e5001f3861ed4210
Size: 2.8MB
Sample: 240920-y6a4fsweqk
MD5: 0c58727828915fb52326430969f2d091
SHA1: 4a765e0b7b92e2ef6ed2a7a69904e729369f96bb
SHA256: 6092d85d3ed1b860c09f8614d0991349cda56a652a6ef825e5001f3861ed4210
SHA512: 752e6316bb98981defe51b3f7aedd5c4a0880ebf5b8690b8e88a14d80eaaea708e4d3b75ed8d1d9eced4dd8ef9eaaed949ec7a0dd38c6ff1c57e972af09ece85
SSDEEP: 49152:OzKj6+7CeoRPr84A4gTm7mHV6eMFxkBBdak2GDpa:U+7CeoRPr8JTmdZkBBv2GDpa

Static task: static1
Behavioral task: behavioral1
Sample: 6092d85d3ed1b860c09f8614d0991349cda56a652a6ef825e5001f3861ed4210.exe
Resource: win7-20240903-en

Malware Config
Extracted
Family: stealc
Botnet: rave
C2: http://185.215.113.103
url_path: /e2b1563c6670f193.php

The full gate endpoint is the C2 base joined with url_path: http://185.215.113.103/e2b1563c6670f193.php. Both the bare host and the exact path are worth matching in proxy logs, since other samples from the same infrastructure may use a different gate filename.
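The following is an added example for turning the two extracted config fields above into a proxy-log hunt; it is not part of the sandbox report. It joins the C2 base and url_path into the gate URL and classifies constructed log lines (a Squid-like "timestamp client method url status" layout, assumed here) into exact gate hits versus other traffic to the C2 host, tolerating an explicit :80 port and query strings while rejecting near-miss hosts.

```python
"""Hunt for the extracted Stealc C2 (host + url_path) in web-proxy logs."""
import re
from urllib.parse import urlsplit

# Values taken from the report's "Malware Config" block.
C2_BASE = "http://185.215.113.103"
C2_PATH = "/e2b1563c6670f193.php"

# Constructed sample lines (not from the report) in an assumed
# "timestamp client method url status" layout.
SAMPLE_LOG = """\
1726800001.123 10.0.0.12 POST http://185.215.113.103/e2b1563c6670f193.php 200
1726800002.456 10.0.0.13 GET http://example.org/index.php 200
1726800003.789 10.0.0.12 POST http://185.215.113.103:80/e2b1563c6670f193.php 200
1726800004.000 10.0.0.14 GET http://185.215.113.103/ 404
1726800005.000 10.0.0.15 POST http://185.215.113.103/e2b1563c6670f193.php?x=1 200
1726800006.000 10.0.0.16 GET http://185.215.113.10/e2b1563c6670f193.php 200
"""

URL_RE = re.compile(r"https?://\S+")


def c2_url(base: str = C2_BASE, path: str = C2_PATH) -> str:
    """Join the two config fields into the gate URL, tolerating a trailing
    slash on the base or a missing leading slash on the path."""
    return base.rstrip("/") + "/" + path.lstrip("/")


def classify(url: str, base: str = C2_BASE, path: str = C2_PATH) -> str:
    """'gate' for the exact C2 endpoint (query string ignored), 'host' for
    any other request to the C2 host, 'none' otherwise.  An explicit :80
    is treated the same as no port; a different host octet is no match."""
    parts = urlsplit(url)
    c2 = urlsplit(base)
    same_host = (parts.hostname == c2.hostname
                 and (parts.port or 80) == (c2.port or 80))
    if not same_host:
        return "none"
    return "gate" if parts.path == path else "host"


def scan(log_text: str) -> list[tuple[str, str, str]]:
    """Return (client, verdict, url) for every line that touches the C2 host."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        match = URL_RE.search(line)
        if len(fields) < 4 or not match:
            continue  # malformed line; skip rather than guess
        verdict = classify(match.group(0))
        if verdict != "none":
            hits.append((fields[1], verdict, match.group(0)))
    return hits


def gate_clients(log_text: str) -> set[str]:
    """Clients that reached the exact gate, i.e. likely infected hosts."""
    return {client for client, verdict, _ in scan(log_text) if verdict == "gate"}


if __name__ == "__main__":
    print("gate:", c2_url())
    for client, verdict, url in scan(SAMPLE_LOG):
        print(f"{verdict:5} {client:12} {url}")
    print("infected candidates:", sorted(gate_clients(SAMPLE_LOG)))
```

Matching on the parsed host and path rather than on a raw substring is what keeps 185.215.113.10 (a different host) out of the results while still catching the :80 and query-string variants.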
Targets

Target: 6092d85d3ed1b860c09f8614d0991349cda56a652a6ef825e5001f3861ed4210 (size and hashes as in General above)

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  Windows mirrors the firmware's ACPI tables under HKLM\HARDWARE\ACPI, keyed by the table's OEM ID; in a VirtualBox guest that ID names the hypervisor, so reading these keys is a cheap VM check.
- Checks BIOS information in registry
  BIOS version and date strings in the registry frequently name the hypervisor or its vendor, so they are commonly read to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications and is used by some sandboxes as the execution environment; the registry keys it creates do not exist on a genuine Windows install.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the kernel from delivering debug events for the calling thread, so an attached debugger silently misses breakpoints and exceptions raised on it.
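The three registry-based checks above are what a sandbox operator would want to verify against their own analysis VM. The following is an added example, not code from the report or from the sample: it separates the classification logic (which runs anywhere, on a saved snapshot) from the live winreg reads (Windows only). The registry locations are the conventional ones behind these signature names; the report does not list the exact keys this sample queries, so they are an assumption, as are the marker strings and the VirtualBox-like snapshot used as input.

```python
"""Does this analysis VM expose the registry artefacts the sample checks for?"""
import sys

# Assumed locations behind the three signatures (the report names none).
BIOS_KEY = r"HARDWARE\DESCRIPTION\System"           # under HKLM
BIOS_VALUES = ("SystemBiosVersion", "SystemBiosDate", "VideoBiosVersion")
ACPI_TABLES = ("DSDT", "FADT", "RSDT")               # HKLM\HARDWARE\ACPI\<table>\<OEM ID>
WINE_KEYS = (r"Software\Wine",)                       # checked under HKCU and HKLM
# Hypervisor/vendor substrings to look for in BIOS strings (constructed list).
VM_MARKERS = ("vbox", "virtualbox", "innotek", "vmware", "qemu", "xen", "bochs")


def _as_text(value) -> str:
    # REG_MULTI_SZ values come back from winreg as a list of strings.
    return " ".join(value) if isinstance(value, (list, tuple)) else str(value)


def flag_bios(values: dict) -> list[str]:
    """Names of BIOS values whose text contains a hypervisor marker."""
    return sorted(name for name, val in values.items()
                  if any(m in _as_text(val).lower() for m in VM_MARKERS))


def flag_acpi(tables: dict) -> list[str]:
    r"""'<table>\<oem id>' entries whose OEM ID is VirtualBox's 'VBOX__'."""
    return [f"{table}\\{oem}" for table, oems in tables.items()
            for oem in oems if oem.upper().startswith("VBOX")]


def assess(snapshot: dict) -> dict:
    """snapshot = {'bios': {...}, 'acpi': {...}, 'wine_keys': [...]}."""
    return {
        "bios": flag_bios(snapshot.get("bios", {})),
        "acpi": flag_acpi(snapshot.get("acpi", {})),
        "wine": bool(snapshot.get("wine_keys")),
    }


def looks_like_sandbox(snapshot: dict) -> bool:
    """True if any of the three checks the sample performs would fire."""
    result = assess(snapshot)
    return bool(result["bios"] or result["acpi"] or result["wine"])


def collect_snapshot() -> dict:
    """Read the live registry into the snapshot shape (Windows only)."""
    if sys.platform != "win32":
        raise RuntimeError("live collection needs Windows; use assess() on a saved snapshot")
    import winreg
    snap = {"bios": {}, "acpi": {}, "wine_keys": []}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, BIOS_KEY) as key:
        for name in BIOS_VALUES:
            try:
                snap["bios"][name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass
    for table in ACPI_TABLES:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, rf"HARDWARE\ACPI\{table}") as key:
                count = winreg.QueryInfoKey(key)[0]   # number of subkeys (OEM IDs)
                snap["acpi"][table] = [winreg.EnumKey(key, i) for i in range(count)]
        except FileNotFoundError:
            pass
    for hive, label in ((winreg.HKEY_CURRENT_USER, "HKCU"), (winreg.HKEY_LOCAL_MACHINE, "HKLM")):
        for wine_key in WINE_KEYS:
            try:
                winreg.CloseKey(winreg.OpenKey(hive, wine_key))
                snap["wine_keys"].append(f"{label}\\{wine_key}")
            except FileNotFoundError:
                pass
    return snap


# Constructed snapshot resembling a default VirtualBox guest (not from the report).
VBOX_LIKE = {
    "bios": {"SystemBiosVersion": ["VBOX   - 1"],
             "SystemBiosDate": "06/23/99",
             "VideoBiosVersion": ["Oracle VM VirtualBox Version 7.0 VBE BIOS"]},
    "acpi": {"DSDT": ["VBOX__"], "FADT": ["VBOX__"], "RSDT": ["VBOX__"]},
    "wine_keys": [],
}
# Constructed snapshot of a physical laptop (vendor strings made up).
CLEAN = {
    "bios": {"SystemBiosVersion": ["LENOVO - 1"], "SystemBiosDate": "03/14/23",
             "VideoBiosVersion": ["Intel Video BIOS"]},
    "acpi": {"DSDT": ["LENOVO"], "FADT": ["LENOVO"], "RSDT": ["LENOVO"]},
    "wine_keys": [],
}

if __name__ == "__main__":
    snap = collect_snapshot() if sys.platform == "win32" else VBOX_LIKE
    print(assess(snap), "-> sandbox-like" if looks_like_sandbox(snap) else "-> clean")
```

A VM that comes back clean here still has other tells (MAC OUIs, device names, CPUID vendor strings), but these three are the ones this report says the sample actually looked at.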