General
-
Target
cb015b3bf5b736d9c39e13e240de4e69e4f2fbccef96c439adbdd912518e8876
-
Size
2.8MB
-
Sample
240923-ft7yjswhkd
-
MD5
b6486d5d75d36f8294ee6af81617df36
-
SHA1
2171e30f89542f95738904e1de24df6725d61481
-
SHA256
cb015b3bf5b736d9c39e13e240de4e69e4f2fbccef96c439adbdd912518e8876
-
SHA512
18eba71f3676ca5877a150dbd34cde5a2f1a70a93b95923d7aa6feeeb3cb961b358a758f6d443496ca682fadec1879b09511f6b948728a31b228e4007e8901b6
-
SSDEEP
49152:bnxCMZwRLeNaNhfI4dek+w7K/fGTWnImC:bncMSleNaNhQ4d3XcGTWImC
Static task
static1
Behavioral task
behavioral1
Sample
cb015b3bf5b736d9c39e13e240de4e69e4f2fbccef96c439adbdd912518e8876.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
rave
http://185.215.113.103
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
cb015b3bf5b736d9c39e13e240de4e69e4f2fbccef96c439adbdd912518e8876
-
Size
2.8MB
-
MD5
b6486d5d75d36f8294ee6af81617df36
-
SHA1
2171e30f89542f95738904e1de24df6725d61481
-
SHA256
cb015b3bf5b736d9c39e13e240de4e69e4f2fbccef96c439adbdd912518e8876
-
SHA512
18eba71f3676ca5877a150dbd34cde5a2f1a70a93b95923d7aa6feeeb3cb961b358a758f6d443496ca682fadec1879b09511f6b948728a31b228e4007e8901b6
-
SSDEEP
49152:bnxCMZwRLeNaNhfI4dek+w7K/fGTWnImC:bncMSleNaNhQ4d3XcGTWImC
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-