General
Target: 5acdcfb91c61748eb701eaaded96c50180200833c7bc44aadbecc39e720e3636
Size: 2.8MB
Sample: 240923-fqg8qawgke
MD5: e5b126b467732569c291a99612a5ac1c
SHA1: 9e764612db067e0be9945dae02c3d1e029518388
SHA256: 5acdcfb91c61748eb701eaaded96c50180200833c7bc44aadbecc39e720e3636
SHA512: 182d7fede466d6a7b5468603e0994f35e8eabba93cbb45df8a6426f29783b35dac49a735df52f1c48217a404f48d851a24b0d6f684b4c7c9490faca65e284987
SSDEEP: 49152:bnxCMZwRLeNaNhfI4dek+w7K/fGTWnImZ:bncMSleNaNhQ4d3XcGTWImZ

Static task: static1
Behavioral task: behavioral1
Sample: 5acdcfb91c61748eb701eaaded96c50180200833c7bc44aadbecc39e720e3636.exe
Resource: win7-20240704-en

Malware Config
Extracted
stealc
rave
http://185.215.113.103
url_path: /e2b1563c6670f193.php
Targets
Target: 5acdcfb91c61748eb701eaaded96c50180200833c7bc44aadbecc39e720e3636 (size and hashes as listed under General above)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger