General
Target: a1e047c2ff956afac4c3369d91551d48dde27369c23d955234788458c01433caN
Size: 2.6MB
Sample: 240923-essa2awbjh
MD5: 6473d88252dbc3527236ee368986c7e0
SHA1: 1f574a4923d9048a49aa284a4c103b95ee1aa4fe
SHA256: a1e047c2ff956afac4c3369d91551d48dde27369c23d955234788458c01433ca
SHA512: fbbe71260f39f305023861b79c18de2c72f7eb67737080b17bfd05554628749888537307dbe8be6df92a9974f327b03b641be614bfee33f63e96321f883075f6
SSDEEP: 49152:76MKZD8x8gOdUVC+XQigB+Yj+gwcSSN8qxaGg1Yb:X9GrUVC+XQtBNxVgib
Static task: static1
Behavioral task: behavioral1
Sample: a1e047c2ff956afac4c3369d91551d48dde27369c23d955234788458c01433caN.exe
Resource: win7-20240903-en
Malware Config
Extracted:
  stealc
  rave
  http://185.215.113.103
  url_path: /e2b1563c6670f193.php
Targets
Target: a1e047c2ff956afac4c3369d91551d48dde27369c23d955234788458c01433caN
Size: 2.6MB
MD5: 6473d88252dbc3527236ee368986c7e0
SHA1: 1f574a4923d9048a49aa284a4c103b95ee1aa4fe
SHA256: a1e047c2ff956afac4c3369d91551d48dde27369c23d955234788458c01433ca
SHA512: fbbe71260f39f305023861b79c18de2c72f7eb67737080b17bfd05554628749888537307dbe8be6df92a9974f327b03b641be614bfee33f63e96321f883075f6
SSDEEP: 49152:76MKZD8x8gOdUVC+XQigB+Yj+gwcSSN8qxaGg1Yb:X9GrUVC+XQtBNxVgib
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger