General
Target: ffcdf4d0a435fa32d4c3d45cf4b73b344c8fad95c14782796d229d4a23cdd616N.exe
Size: 2.7MB
Sample: 240926-j1msqswemj
MD5: 7f0c37be2525592486f2856563ffa430
SHA1: 8bc0ce9a384e7d94106909e9dc53cdb68cf72553
SHA256: ffcdf4d0a435fa32d4c3d45cf4b73b344c8fad95c14782796d229d4a23cdd616
SHA512: 210e739e33c5fe29d1b47f74bb3c4616aea10bb6f1a93e77767f2bb19a56c46460fb4677658f58acf9efc300ed1d35cc507ecd456fa6490efe78ecc94bdcae90
SSDEEP: 49152:/VSfpUY7W9y+ike76tu9XyKnDjCoHKajq6FcT2d4H89rf:dSfpUcW9y+ike76QvdKU2I4H89rf
Static task: static1
Behavioral task: behavioral1
Sample: ffcdf4d0a435fa32d4c3d45cf4b73b344c8fad95c14782796d229d4a23cdd616N.exe
Resource: win7-20240903-en
Malware Config
Extracted: stealc
rave
http://185.215.113.103
url_path: /e2b1563c6670f193.php
Targets
Target: ffcdf4d0a435fa32d4c3d45cf4b73b344c8fad95c14782796d229d4a23cdd616N.exe
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger