General
Target: d58ef8485a877a2990ae42f82545d955281bdd5e07389bb151d86bb013aa241d
Size: 2.8MB
Sample: 240923-fvbxhawhke
MD5: fc8449d388ec7454449aa271e534b85b
SHA1: 1b1d3ea9d15d05f9a41d5899a6782fe44bc5b319
SHA256: d58ef8485a877a2990ae42f82545d955281bdd5e07389bb151d86bb013aa241d
SHA512: a68e9eb29493ea807408a0835daf9caae8e0ce8db6ba314854333291fbb9921f6bdb92311fc584dd1d3cb52f5842e248f2e6fcd15fa150488e7931b4350b29fd
SSDEEP: 49152:bnxCMZwRLeNaNhfI4dek+w7K/fGTWnImK:bncMSleNaNhQ4d3XcGTWImK
Static task: static1
Behavioral task: behavioral1
Sample: d58ef8485a877a2990ae42f82545d955281bdd5e07389bb151d86bb013aa241d.exe
Resource: win7-20240903-en
Malware Config
Extracted: stealc
rave
http://185.215.113.103
url_path: /e2b1563c6670f193.php
Targets
Target: d58ef8485a877a2990ae42f82545d955281bdd5e07389bb151d86bb013aa241d
Size: 2.8MB
MD5: fc8449d388ec7454449aa271e534b85b
SHA1: 1b1d3ea9d15d05f9a41d5899a6782fe44bc5b319
SHA256: d58ef8485a877a2990ae42f82545d955281bdd5e07389bb151d86bb013aa241d
SHA512: a68e9eb29493ea807408a0835daf9caae8e0ce8db6ba314854333291fbb9921f6bdb92311fc584dd1d3cb52f5842e248f2e6fcd15fa150488e7931b4350b29fd
SSDEEP: 49152:bnxCMZwRLeNaNhfI4dek+w7K/fGTWnImK:bncMSleNaNhQ4d3XcGTWImK
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger