General
Target: 3925b0a5c95fff1cb1a6ffd4eea180c03503ca6eb6456a6f4829529e6d280e39
Size: 2.8MB
Sample: 240923-fpgksswfre
MD5: 1169bb2b1aa99568c469196a2294d2fe
SHA1: ba19242f350e26f63a13e253af88302393179e0b
SHA256: 3925b0a5c95fff1cb1a6ffd4eea180c03503ca6eb6456a6f4829529e6d280e39
SHA512: 363e81c74e022cca8905953f87833044007f239f3c628bfcb9983db779866efc7a62d3a300af93be483e8719a98ffbdd350d480c5efcf89d7a9575a05eb46cae
SSDEEP: 49152:bnxCMZwRLeNaNhfI4dek+w7K/fGTWnImE:bncMSleNaNhQ4d3XcGTWImE
Static task: static1
Behavioral task: behavioral1
Sample: 3925b0a5c95fff1cb1a6ffd4eea180c03503ca6eb6456a6f4829529e6d280e39.exe
Resource: win7-20240729-en
Malware Config
Extracted: stealc
rave
http://185.215.113.103
url_path: /e2b1563c6670f193.php
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger