General
Target: b2b41e189857edfb1006c1ccfce2aba1ee97b841f6aa954cb4f44a538d48d133N
Size: 2.7MB
Sample: 240921-a162yaxbql
MD5: fd4d83b539cda4ea532a32d30cdb3810
SHA1: 07a76c5589a3c9a14df35ed2f62737ce68f38f98
SHA256: b2b41e189857edfb1006c1ccfce2aba1ee97b841f6aa954cb4f44a538d48d133
SHA512: 509cb982e59adb8f2af58be75652625e732f6cf4174920e7dcfdeb5fac4cb306f75e96e7e3a7e975e46fc6b04984dd0f8158e80007834993ad736e64251dc33b
SSDEEP: 49152:b3qNhQutcEBo+WXBrCpbo1BL/93e+t2PLlB9wuPdkPD:DqNhQkcN+WRepc1BLl3e+t2PRB9JPK
Static task: static1
Behavioral task: behavioral1
Sample: b2b41e189857edfb1006c1ccfce2aba1ee97b841f6aa954cb4f44a538d48d133N.exe
Resource: win7-20240903-en
Malware Config
Extracted
Family: stealc
Botnet: rave
C2: http://185.215.113.103
url_path: /e2b1563c6670f193.php
Targets
Target: b2b41e189857edfb1006c1ccfce2aba1ee97b841f6aa954cb4f44a538d48d133N
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops debug events for that thread from being delivered to an attached debugger, a common anti-debugging step.
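The four signatures above are what the sandbox raised on this sample; the report itself does not list the registry keys or call arguments behind them. The following Python is an added example, not part of the report or of any sandbox's own rule set: it tags constructed API-trace lines with the same four signature names, using the registry paths commonly probed for each check and the NtSetInformationThread information class (ThreadHideFromDebugger = 0x11). The trace format ("api|arg1|arg2"), the sample lines and the exact key paths in the rules are assumptions.

```python
"""Tag sandbox API-trace lines with anti-analysis signatures.

Added example: the trace format ("api|arg1|arg2"), the sample lines and the
registry paths in the rules are assumptions, not data from the report.
"""
import re

# Constructed trace lines (not from the report). One record per line:
# <api name>|<registry path or handle>|<value name or information class>
SAMPLE_TRACE = """\
RegOpenKeyExW|HKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__|
RegQueryValueExW|HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System|SystemBiosVersion
RegQueryValueExW|HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System|VideoBiosVersion
RegOpenKeyExW|HKEY_CURRENT_USER\\Software\\Wine|
NtSetInformationThread|0x8c|0x11
RegOpenKeyExW|HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|
"""

# signature name -> (api regex, arg1 regex, arg2 regex); None means "any value".
# Paths are the ones commonly probed for each check (assumed, see lead-in).
RULES = {
    "Identifies VirtualBox via ACPI registry values": (
        r"^Reg(OpenKeyEx|QueryValueEx|EnumKeyEx)W?$",
        r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__",   # VirtualBox ACPI table OEM id
        None,
    ),
    "Checks BIOS information in registry": (
        r"^RegQueryValueExW?$",
        r"\\HARDWARE\\DESCRIPTION\\System$",
        r"^(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$",
    ),
    "Identifies Wine through registry keys": (
        r"^Reg(OpenKeyEx|QueryValueEx)W?$",
        r"\\Software\\Wine$",                            # HKCU or HKLM Wine key
        None,
    ),
    "Suspicious use of NtSetInformationThreadHideFromDebugger": (
        r"^NtSetInformationThread$",
        None,                                            # arg1 is a thread handle
        r"^0x11$",                                       # THREADINFOCLASS ThreadHideFromDebugger
    ),
}


def parse_line(line):
    """Split "api|arg1|arg2" into a 3-tuple; missing trailing fields become ''."""
    parts = line.rstrip("\n").split("|")
    parts += [""] * (3 - len(parts))
    return tuple(parts[:3])


def matches(rule, record):
    """True when every non-None pattern of the rule matches its field."""
    for pattern, field in zip(rule, record):
        if pattern is not None and re.search(pattern, field, re.IGNORECASE) is None:
            return False
    return True


def scan(trace):
    """Return {signature name: [matching trace lines]} for every rule."""
    hits = {name: [] for name in RULES}
    for line in trace.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        for name, rule in RULES.items():
            if matches(rule, record):
                hits[name].append(line)
    return hits


def triggered(trace):
    """Sorted names of the signatures that fired at least once."""
    return sorted(name for name, lines in scan(trace).items() if lines)


if __name__ == "__main__":
    for name, lines in scan(SAMPLE_TRACE).items():
        print(f"{name}: {len(lines)} hit(s)")
```

The last trace line (an ordinary Run-key open) is there to show that a rule needs both the API and the path to match; a registry-heavy but benign trace should not light up these signatures.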