General
Target: 2dafc0020454eea9cfa266e4eb275d63c351348d7693fb05290ccb2e4761b5de
Size: 2.8MB
Sample: 240923-fpbdsaxakn
MD5: 22cf0c378b616dad9def6d862d6ec1e7
SHA1: 329bbcb7ba416cd6533c7c9d89099b41fffadd7f
SHA256: 2dafc0020454eea9cfa266e4eb275d63c351348d7693fb05290ccb2e4761b5de
SHA512: 00544ac16fa5bbd4c72c448ea51394f514f8adc42a1322b05f4487ea9fc2e4a78e459dbd5a2ce5a5ddb2ea8b4ffd949df6fd01bb382eb95ce8bbfe3b3b30d7ba
SSDEEP: 49152:bnxCMZwRLeNaNhfI4dek+w7K/fGTWnImQ:bncMSleNaNhQ4d3XcGTWImQ
Static task: static1
Behavioral task: behavioral1
Sample: 2dafc0020454eea9cfa266e4eb275d63c351348d7693fb05290ccb2e4761b5de.exe
Resource: win7-20240729-en
Malware Config
Extracted
Family: stealc
Botnet: rave
C2: http://185.215.113.103
url_path: /e2b1563c6670f193.php
The Stealc gate is the C2 host joined with url_path, i.e. http://185.215.113.103/e2b1563c6670f193.php; the host is a bare IP rather than a domain, so block on the IP and the full URL rather than on a hostname.
Targets
Target: 2dafc0020454eea9cfa266e4eb275d63c351348d7693fb05290ccb2e4761b5de
- Identifies VirtualBox via ACPI registry values (likely anti-VM). The ACPI tables a VirtualBox guest exposes carry the VBOX__ OEM identifier, and Windows mirrors them under HKLM\HARDWARE\ACPI; reading those keys is a well-known hypervisor check.
- Checks BIOS information in registry. BIOS version and date strings are often read in order to detect sandboxing or virtualised environments, because the vendor strings name the hypervisor.
- Identifies Wine through registry keys. Wine is a compatibility layer that runs Windows applications and is sometimes used as a sandboxing environment; the presence of its registry keys tells the sample it is not on a native Windows host.
- Suspicious use of NtSetInformationThread with ThreadHideFromDebugger. This information class (0x11) hides the calling thread from an attached debugger, so breakpoints and exceptions in that thread are no longer delivered to it; it is a common anti-debugging technique.
These signatures record that the checks were made, not how the sample reacted to their result; in an environment that lacks the artifacts, the lookups simply fail and execution may continue unchanged.
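To triage a fresh trace for the same anti-analysis checks, the following added Python example (written for this page, not the sandbox's own signature code) matches Procmon-style registry and API events against the four signatures above. The trace is constructed, and the registry locations it keys on (the VBOX__ ACPI table keys, the SystemBiosVersion, VideoBiosVersion and SystemBiosDate values, the Software\Wine key) are the conventional locations such checks read, assumed here rather than taken from this sample:

```python
import re

# Constructed Procmon-style trace: "Operation|Path|Detail", one event per line.
# Not taken from the sample; the values are what a VirtualBox guest would return.
SAMPLE_TRACE = r"""
RegOpenKey|HKLM\HARDWARE\ACPI\DSDT\VBOX__|SUCCESS
RegQueryValue|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion|Type: REG_MULTI_SZ, Data: VBOX   - 1
RegQueryValue|HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion|Type: REG_MULTI_SZ, Data: Oracle VM VirtualBox VBE BIOS
RegOpenKey|HKCU\Software\Wine|NAME NOT FOUND
NtSetInformationThread|Thread 0x1a2c|ThreadInformationClass=0x11
RegQueryValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData|Type: REG_SZ, Data: C:\Users\Admin\AppData\Roaming
"""

# Registry locations the checks conventionally read (assumed, not sample-specific).
VBOX_ACPI = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
BIOS_VALUES = re.compile(
    r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$",
    re.I)
WINE_KEYS = re.compile(r"^(HKCU|HKLM)\\Software\\Wine(\\|$)", re.I)
THREAD_INFO_CLASS = re.compile(r"ThreadInformationClass=(0x[0-9a-f]+|\d+)", re.I)
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value for ThreadHideFromDebugger

REG_READS = {"RegOpenKey", "RegQueryValue"}


def is_vbox_acpi(op, path, detail):
    return op in REG_READS and VBOX_ACPI.match(path) is not None


def is_bios_check(op, path, detail):
    return op == "RegQueryValue" and BIOS_VALUES.match(path) is not None


def is_wine_check(op, path, detail):
    return op in REG_READS and WINE_KEYS.match(path) is not None


def is_hide_from_debugger(op, path, detail):
    if op != "NtSetInformationThread":
        return False
    m = THREAD_INFO_CLASS.search(detail)
    # int(..., 0) accepts both "0x11" and "17" as the class value.
    return m is not None and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER


RULES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)", is_vbox_acpi),
    ("Checks BIOS information in registry", is_bios_check),
    ("Identifies Wine through registry keys", is_wine_check),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", is_hide_from_debugger),
]


def parse_event(line):
    """Split 'Operation|Path|Detail'; missing trailing fields become empty strings."""
    fields = line.split("|", 2)
    fields += [""] * (3 - len(fields))
    return tuple(f.strip() for f in fields)


def scan(trace):
    """Return [(signature_name, event_line)] for every event that matches a rule."""
    hits = []
    for line in trace.splitlines():
        line = line.strip()
        if not line:
            continue
        op, path, detail = parse_event(line)
        for name, pred in RULES:
            if pred(op, path, detail):
                hits.append((name, line))
    return hits


def signatures(trace):
    """Distinct signature names fired by the trace, in the report's order."""
    fired = {name for name, _ in scan(trace)}
    return [name for name, _ in RULES if name in fired]


if __name__ == "__main__":
    for name, line in scan(SAMPLE_TRACE):
        print(f"[{name}]\n    {line}")
```

The matcher fires on the lookup itself, not on its result: the Wine key read above returns NAME NOT FOUND and still counts, because what the signature records is that the sample asked, which is the same reasoning the report applies. Registry paths are matched case-insensitively since the registry is.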