General
-
Target
d71873f393259dc6b0998b4be7be61adbc24e0652716c2aaab2bbcb3d6cafabe.exe
-
Size
1.8MB
-
Sample
241001-b7gajavdqk
-
MD5
beb729f85b42e8201b31a5b96c898f5f
-
SHA1
b29a39f73636dea3780c5167bb87809ef8a82d6c
-
SHA256
d71873f393259dc6b0998b4be7be61adbc24e0652716c2aaab2bbcb3d6cafabe
-
SHA512
e85ed0f17a02b3bacac12430bbc1ada55ac782f2bcd9c541b3daf3a5ad221439be02931135dfbacf226037b34cd8891fd65890aac2ff8b6d17c22518dd635e1d
-
SSDEEP
49152:+Gu8srD/zVSewEckzrFNsg92NkMGD42rB5U9hljLQC:huJzVSewTkPDgSMGD42rBqQC
Static task
static1
Behavioral task
behavioral1
Sample
d71873f393259dc6b0998b4be7be61adbc24e0652716c2aaab2bbcb3d6cafabe.exe
Resource
win7-20240704-en
Malware Config
Extracted
stealc
doma
http://185.215.113.37
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
d71873f393259dc6b0998b4be7be61adbc24e0652716c2aaab2bbcb3d6cafabe.exe
-
Size
1.8MB
-
MD5
beb729f85b42e8201b31a5b96c898f5f
-
SHA1
b29a39f73636dea3780c5167bb87809ef8a82d6c
-
SHA256
d71873f393259dc6b0998b4be7be61adbc24e0652716c2aaab2bbcb3d6cafabe
-
SHA512
e85ed0f17a02b3bacac12430bbc1ada55ac782f2bcd9c541b3daf3a5ad221439be02931135dfbacf226037b34cd8891fd65890aac2ff8b6d17c22518dd635e1d
-
SSDEEP
49152:+Gu8srD/zVSewEckzrFNsg92NkMGD42rB5U9hljLQC:huJzVSewTkPDgSMGD42rBqQC
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-