General
-
Target
218393d1bf0a55d3e3d5268849205e17d26ebc75e12e21fc244b892c1edaf91e
-
Size
2.8MB
-
Sample
240923-fny4fswfqb
-
MD5
41886b664dfcbdbb2df7a1789f44abf5
-
SHA1
4d02876fe1ee93e75f57c83539825fc1bfd48370
-
SHA256
218393d1bf0a55d3e3d5268849205e17d26ebc75e12e21fc244b892c1edaf91e
-
SHA512
ee71ec5a901e29bc9f0d72cc528fa4334b37297c68d0e39565ae3cd69fc6c4cb8eb072c421700d9d13db8efc70685566a6451445f7b520afe70ca434af3672d3
-
SSDEEP
49152:d7g1a7Z71tFC16FNzxWS/5S+YmG7LUR9pQbWb/K:d7g1a7Z71tFC16FNoSRm7IWbt
Static task
static1
Behavioral task
behavioral1
Sample
218393d1bf0a55d3e3d5268849205e17d26ebc75e12e21fc244b892c1edaf91e.exe
Resource
win7-20240708-en
Malware Config
Extracted
stealc
rave
http://185.215.113.103
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
218393d1bf0a55d3e3d5268849205e17d26ebc75e12e21fc244b892c1edaf91e
-
Size
2.8MB
-
MD5
41886b664dfcbdbb2df7a1789f44abf5
-
SHA1
4d02876fe1ee93e75f57c83539825fc1bfd48370
-
SHA256
218393d1bf0a55d3e3d5268849205e17d26ebc75e12e21fc244b892c1edaf91e
-
SHA512
ee71ec5a901e29bc9f0d72cc528fa4334b37297c68d0e39565ae3cd69fc6c4cb8eb072c421700d9d13db8efc70685566a6451445f7b520afe70ca434af3672d3
-
SSDEEP
49152:d7g1a7Z71tFC16FNzxWS/5S+YmG7LUR9pQbWb/K:d7g1a7Z71tFC16FNoSRm7IWbt
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-