General
-
Target
random.exe
-
Size
1.8MB
-
Sample
240924-h6dlksvhmj
-
MD5
e4e58a4e508a4dc0aaa7083445c7069d
-
SHA1
3060a2f6a5a4ac6d4fc4e9175cca77b1169f7d2a
-
SHA256
5e60987abaf53898ad83e58f4536b5f4860919d59fe23aa172ec69df41e7eaf7
-
SHA512
7788503bf4151877ccc024c60eb5be8f1b17c814490796f4082f4bbbc7436ddac158a5afffd5788fbe1d8bc5f7beab863750686c719aa013d90235a8bd552ce5
-
SSDEEP
49152:3mds3zWY+rnI85ZI0Lw9k1VqAKsGWLl2PBEuaih:3RR29+gw9kPqjlWLU5Eu
Static task
static1
Behavioral task
behavioral1
Sample
random.exe
Resource
win7-20240704-en
Malware Config
Extracted
stealc
save
http://185.215.113.37
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
random.exe
-
Size
1.8MB
-
MD5
e4e58a4e508a4dc0aaa7083445c7069d
-
SHA1
3060a2f6a5a4ac6d4fc4e9175cca77b1169f7d2a
-
SHA256
5e60987abaf53898ad83e58f4536b5f4860919d59fe23aa172ec69df41e7eaf7
-
SHA512
7788503bf4151877ccc024c60eb5be8f1b17c814490796f4082f4bbbc7436ddac158a5afffd5788fbe1d8bc5f7beab863750686c719aa013d90235a8bd552ce5
-
SSDEEP
49152:3mds3zWY+rnI85ZI0Lw9k1VqAKsGWLl2PBEuaih:3RR29+gw9kPqjlWLU5Eu
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-