General
Target: b7ca12d748b318ca1cbc0fe278970b60ee1e9725e85276c0e1e0eb6e03023d84.exe
Size: 1.8MB
Sample: 241001-b34j9syenf
MD5: 82ba7dd925c55597eb322e578e2dfff0
SHA1: 557bb56a5e58987cf18f4b8f4de569fc406f87c1
SHA256: b7ca12d748b318ca1cbc0fe278970b60ee1e9725e85276c0e1e0eb6e03023d84
SHA512: 74264466fa71649b5b386255c72c49d63db758e7e8ca8decd5a55448e0ef8e15b2986c903d5a559c9dd296003c117a25411e8b47ad4ebb374e115bc9ca8bccc8
SSDEEP: 49152:pkr01I4sbyC/ZbpDDx+bAXwtDcTlCJvsS:pkkqxbpH3gBcTlCJvs
Static task: static1
Behavioral task: behavioral1
Sample: b7ca12d748b318ca1cbc0fe278970b60ee1e9725e85276c0e1e0eb6e03023d84.exe
Resource: win7-20240708-en
Malware Config
Extracted: stealc
doma: http://185.215.113.37
url_path: /e2b1563c6670f193.php
Targets
Target: b7ca12d748b318ca1cbc0fe278970b60ee1e9725e85276c0e1e0eb6e03023d84.exe
Size: 1.8MB
MD5: 82ba7dd925c55597eb322e578e2dfff0
SHA1: 557bb56a5e58987cf18f4b8f4de569fc406f87c1
SHA256: b7ca12d748b318ca1cbc0fe278970b60ee1e9725e85276c0e1e0eb6e03023d84
SHA512: 74264466fa71649b5b386255c72c49d63db758e7e8ca8decd5a55448e0ef8e15b2986c903d5a559c9dd296003c117a25411e8b47ad4ebb374e115bc9ca8bccc8
SSDEEP: 49152:pkr01I4sbyC/ZbpDDx+bAXwtDcTlCJvsS:pkkqxbpH3gBcTlCJvs
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger