General
-
Target
b6a4d5abdbeafa1d9c8ed201b4aafb06ce599872d0dec77ff342886b1a128c8bN
-
Size
2.7MB
-
Sample
240923-ehay1awbnn
-
MD5
e48a2834391828f83a1d0bd2cb9a6ed0
-
SHA1
2a33e7ae37f756a05eff8b14d1f60b864958d872
-
SHA256
b6a4d5abdbeafa1d9c8ed201b4aafb06ce599872d0dec77ff342886b1a128c8b
-
SHA512
c1aa6a0e570663a85f3f87871bb9a47fb9bf0340e17c36983d1a8ca56304a0575526822846df3239dd96c3291f00bf39645836c575b806b00b05260318887fec
-
SSDEEP
49152:uzoXarYgSetfAPGLqVBDmebLh05BN19sQPGQ7:qO0XSetfAPGLqVBDmeHh0PBGW
Static task
static1
Behavioral task
behavioral1
Sample
b6a4d5abdbeafa1d9c8ed201b4aafb06ce599872d0dec77ff342886b1a128c8bN.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
rave
http://185.215.113.103
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
b6a4d5abdbeafa1d9c8ed201b4aafb06ce599872d0dec77ff342886b1a128c8bN
-
Size
2.7MB
-
MD5
e48a2834391828f83a1d0bd2cb9a6ed0
-
SHA1
2a33e7ae37f756a05eff8b14d1f60b864958d872
-
SHA256
b6a4d5abdbeafa1d9c8ed201b4aafb06ce599872d0dec77ff342886b1a128c8b
-
SHA512
c1aa6a0e570663a85f3f87871bb9a47fb9bf0340e17c36983d1a8ca56304a0575526822846df3239dd96c3291f00bf39645836c575b806b00b05260318887fec
-
SSDEEP
49152:uzoXarYgSetfAPGLqVBDmebLh05BN19sQPGQ7:qO0XSetfAPGLqVBDmeHh0PBGW
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-