General
- Target: file.exe
- Size: 1.8MB
- Sample: 240929-1fbnea1gpl
- MD5: 7ddf3c055cb816ac3a4c446af107154f
- SHA1: aed5c37fc540e748a3e1903d68bf864a25c73688
- SHA256: 685a588e407e6c8b4402b481545e69f49804fe1ccc50de4f104ee1a34b624614
- SHA512: e584aa1ac3c9cf27f26164ecdf72968206ef052351c706eeee855cf4928bd69576620350ff174ef377df83aa4b27bf7165251abe3a5d9337685feea0ea3fee91
- SSDEEP: 49152:AiIxcS5Zx5XBYd96Z7nMb8fVDtP/oWaRi:MHz521IfVRP/6R

Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20240903-en

Malware Config
Extracted: stealc
- doma: http://185.215.113.37
- url_path: /e2b1563c6670f193.php
Targets
- Target: file.exe
- Size: 1.8MB
- MD5: 7ddf3c055cb816ac3a4c446af107154f
- SHA1: aed5c37fc540e748a3e1903d68bf864a25c73688
- SHA256: 685a588e407e6c8b4402b481545e69f49804fe1ccc50de4f104ee1a34b624614
- SHA512: e584aa1ac3c9cf27f26164ecdf72968206ef052351c706eeee855cf4928bd69576620350ff174ef377df83aa4b27bf7165251abe3a5d9337685feea0ea3fee91
- SSDEEP: 49152:AiIxcS5Zx5XBYd96Z7nMb8fVDtP/oWaRi:MHz521IfVRP/6R
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger