General
Target: 3fccde02120f8159aa54af2f1a2dae78b1136f4e23ffb5e5b22b5365fd54ffef
Size: 2.8MB
Sample: 240923-fpv37awgjb
MD5: 0743c5a7194533d673b05de5137586bd
SHA1: 25d40c0953463ee0fd4aa4ba7387b766c470c6cb
SHA256: 3fccde02120f8159aa54af2f1a2dae78b1136f4e23ffb5e5b22b5365fd54ffef
SHA512: 223844c033bcea95507012045640b5a0a2dc34a8cc0bc58fb1b1ce89308602d5e0f86e94cb62c6277d597641948c7e6c43666db0edd887109fd476b5ee6cdca1
SSDEEP: 49152:bnxCMZwRLeNaNhfI4dek+w7K/fGTWnIma:bncMSleNaNhQ4d3XcGTWIma
Static task: static1
Behavioral task: behavioral1
Sample: 3fccde02120f8159aa54af2f1a2dae78b1136f4e23ffb5e5b22b5365fd54ffef.exe
Resource: win7-20240903-en
Malware Config
Extracted
stealc
rave
http://185.215.113.103
url_path: /e2b1563c6670f193.php
Targets
Target: 3fccde02120f8159aa54af2f1a2dae78b1136f4e23ffb5e5b22b5365fd54ffef
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger