General
-
Target
5707f583da22cebb00c65720f8cd03ff3659aaaa526f7d7314c450eac45c5f12.exe
-
Size
2.8MB
-
Sample
240921-bqxwysydnr
-
MD5
090801e977931b274e440856fa60dfe2
-
SHA1
9743ef2c8bdfa4394b11ff82b4c3e35af6990c2e
-
SHA256
5707f583da22cebb00c65720f8cd03ff3659aaaa526f7d7314c450eac45c5f12
-
SHA512
fdbae4ddc17aef9e8d692e9ae3c55ebdbbe295cdcf4898ad8ce2c983a79f619fb68cee89afc32970a7c012edf21233af8247129f510f11aab82f48645ee55438
-
SSDEEP
49152:8BFIGzl11KmxmcZMqg9JpjRTmd/v9yKBESoE0V4d:wIGR11KmxmcZVgrpgd/v9HESWV4d
Static task
static1
Behavioral task
behavioral1
Sample
5707f583da22cebb00c65720f8cd03ff3659aaaa526f7d7314c450eac45c5f12.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
rave
http://185.215.113.103
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
5707f583da22cebb00c65720f8cd03ff3659aaaa526f7d7314c450eac45c5f12.exe
-
Size
2.8MB
-
MD5
090801e977931b274e440856fa60dfe2
-
SHA1
9743ef2c8bdfa4394b11ff82b4c3e35af6990c2e
-
SHA256
5707f583da22cebb00c65720f8cd03ff3659aaaa526f7d7314c450eac45c5f12
-
SHA512
fdbae4ddc17aef9e8d692e9ae3c55ebdbbe295cdcf4898ad8ce2c983a79f619fb68cee89afc32970a7c012edf21233af8247129f510f11aab82f48645ee55438
-
SSDEEP
49152:8BFIGzl11KmxmcZMqg9JpjRTmd/v9yKBESoE0V4d:wIGR11KmxmcZVgrpgd/v9HESWV4d
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-