General
Target: 4e0ebdadb36bf517fa5244569bf26bb047eb3f333af08b233fd9983893f0070fN
Size: 2.7MB
Sample: 240922-hzng7sxdnl
MD5: 3d26829a51fbfbb1c34927ad1b0eb5e0
SHA1: 64ea451db0e6bc8b098b3b01444505a8cd429cf3
SHA256: 4e0ebdadb36bf517fa5244569bf26bb047eb3f333af08b233fd9983893f0070f
SHA512: 7e383c5faffa41ea81bc367943a4b2f875d386912ed7b7fff04451a7451ad533072bedc8100865a0e6d09f9c46bc1c7926e0be5ec09bc6b61179d7007c713bd3
SSDEEP: 49152:z2e2Rw0skJ7kKvkoGK7vWFuXyuUXz6/mRDfxpCkN:z2/Rw0bJ7kKvkvKjWFU0jSsDf3CkN
Static task: static1
Behavioral task: behavioral1
Sample: 4e0ebdadb36bf517fa5244569bf26bb047eb3f333af08b233fd9983893f0070fN.exe
Resource: win7-20240729-en
Malware Config
Extracted
Family: stealc
Botnet: rave
C2: http://185.215.113.103
url_path: /e2b1563c6670f193.php
Targets
Target: 4e0ebdadb36bf517fa5244569bf26bb047eb3f333af08b233fd9983893f0070fN (size and hashes as listed under General above)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops a debugger from receiving events for that thread, a common anti-debugging technique.
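The extracted config and the registry-based anti-analysis signatures above, turned into a small hunting script. This is an added example, not code from the report or from the sandbox vendor. The registry paths it assumes behind the three registry signatures (VirtualBox ACPI table keys under HARDWARE\ACPI, the BIOS strings under HARDWARE\DESCRIPTION\System, and the Wine key under SOFTWARE\Wine) are assumptions, as is the rule that Stealc's gateway URL is the C2 host joined with url_path; the proxy log lines and registry events it runs on are constructed.

```python
"""
IOC and anti-analysis matcher for the Stealc sample in the report above.
Added example; not tooling from the report or the sandbox vendor.
"""
import re
from urllib.parse import urlparse

# Values taken from the report's extracted config.
STEALC_CONFIG = {
    "family": "stealc",
    "botnet": "rave",
    "c2": ["http://185.215.113.103"],
    "url_path": "/e2b1563c6670f193.php",
}

# File hashes from the report, for recognising the sample on other hosts.
SAMPLE_HASHES = {
    "md5": "3d26829a51fbfbb1c34927ad1b0eb5e0",
    "sha1": "64ea451db0e6bc8b098b3b01444505a8cd429cf3",
    "sha256": "4e0ebdadb36bf517fa5244569bf26bb047eb3f333af08b233fd9983893f0070f",
}

# Assumed registry locations behind the report's signatures (the page does not
# list them): VirtualBox ACPI tables, BIOS strings, and Wine's registry key.
REGISTRY_SIGNATURES = [
    ("anti-vm: VirtualBox ACPI",
     re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("anti-sandbox: BIOS info",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$", re.I)),
    ("anti-sandbox: Wine",
     re.compile(r"\\SOFTWARE\\Wine(\\|$)", re.I)),
]


def is_known_sample(digest):
    """True if a hex digest (any case, any of the three algorithms) is the report's sample."""
    return digest.strip().lower() in SAMPLE_HASHES.values()


def c2_gateway_urls(cfg):
    """Assumption: Stealc posts to <c2 host> + url_path; join them exactly once."""
    return [host.rstrip("/") + cfg["url_path"] for host in cfg["c2"]]


def match_proxy_log(lines, cfg):
    """Return (line_no, url) for each proxy line whose URL host is a configured C2.
    Matching on the host rather than the full path also catches other endpoints
    on the same server."""
    hosts = {urlparse(h).hostname for h in cfg["c2"]}
    hits = []
    for n, line in enumerate(lines, 1):
        m = re.search(r"https?://\S+", line)
        if m and urlparse(m.group(0)).hostname in hosts:
            hits.append((n, m.group(0)))
    return hits


def classify_registry_read(path):
    """Map a registry path read by the sample to the report's signature label, or None."""
    for label, pattern in REGISTRY_SIGNATURES:
        if pattern.search(path):
            return label
    return None


def scan_registry_events(events):
    """events: iterable of (pid, registry path). Returns {pid: sorted labels} for
    processes that touched any of the assumed anti-analysis keys."""
    out = {}
    for pid, path in events:
        label = classify_registry_read(path)
        if label:
            out.setdefault(pid, set()).add(label)
    return {pid: sorted(labels) for pid, labels in out.items()}


if __name__ == "__main__":
    # Constructed sample data, not taken from the report.
    proxy = [
        "2024-09-22T10:01:05Z 10.0.0.7 GET http://example.org/index.html 200",
        "2024-09-22T10:01:09Z 10.0.0.7 POST http://185.215.113.103/e2b1563c6670f193.php 200",
    ]
    reg = [
        (4120, r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
        (4120, r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
        (4120, r"HKCU\Software\Wine"),
        (4120, r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"),
    ]
    print(c2_gateway_urls(STEALC_CONFIG))
    print(match_proxy_log(proxy, STEALC_CONFIG))
    print(scan_registry_events(reg))
```

The registry matcher is deliberately keyed on the same three checks the sandbox flagged; a process that reads all three in quick succession is a far stronger anti-analysis indicator than any one of them alone, since legitimate software reads BIOS strings too.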