General
Target: 9033ea8e7a284dd91866a4113df0c2927fdeb89152b59c930669af6e43685ea5
Size: 2.8MB
Sample: 240922-3ezpyszbnh
MD5: 64b34e14dde013fe165897721ee4fced
SHA1: 596adc306393fdf560178fb8de8a1e908c1b2240
SHA256: 9033ea8e7a284dd91866a4113df0c2927fdeb89152b59c930669af6e43685ea5
SHA512: cb9aec902d85cc12667e81b2e5ed8cb3dd1f14e7b1c788a4aae0dd64855aa72f8fe8dec5170cca241885d827eddde9e9eb5436a1ea757720140b270fd85d5470
SSDEEP: 49152:znkAtdeJ/vwjbGlAMKoHSJipCRQZTsW2ppP/uHBE:QAtdeJ/vwj6lfLHSJyCuMpP/4K
Static task: static1
Behavioral task: behavioral1
Sample: 9033ea8e7a284dd91866a4113df0c2927fdeb89152b59c930669af6e43685ea5.exe
Resource: win7-20240903-en
Malware Config
Extracted: stealc
rave
http://185.215.113.103
url_path: /e2b1563c6670f193.php
Targets
Target: 9033ea8e7a284dd91866a4113df0c2927fdeb89152b59c930669af6e43685ea5
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger