General

Target: dedfa939975f23b0cbe11f37a2baa89e81709cab18b7e43c1de55d5c7856dd88.exe
Size: 1.8MB
Sample: 241001-b8z42avenk
MD5: df7235db9d870ffb043afa57a9c1ba64
SHA1: ef08a2abc48ce961bec0e1962e03cb0c378b0850
SHA256: dedfa939975f23b0cbe11f37a2baa89e81709cab18b7e43c1de55d5c7856dd88
SHA512: ff17bb837b6a4403c48d60352a4769521496a614e90f622024db6706f6536c95264d175ee76fe6cb4ffe63096d8730d757932f90ae8bba14f1d6a8a518108bbb
SSDEEP: 49152:CbXIxk85iHYgb8A4TEO8+ajTj3eqCT6SQb:CMTjg4dEKQTj3XCT6S
Static task: static1

Behavioral task: behavioral1
Sample: dedfa939975f23b0cbe11f37a2baa89e81709cab18b7e43c1de55d5c7856dd88.exe
Resource: win7-20240708-en

Malware Config

Extracted: stealc
doma: http://185.215.113.37
url_path: /e2b1563c6670f193.php
Targets

Target: dedfa939975f23b0cbe11f37a2baa89e81709cab18b7e43c1de55d5c7856dd88.exe
Size: 1.8MB
MD5: df7235db9d870ffb043afa57a9c1ba64
SHA1: ef08a2abc48ce961bec0e1962e03cb0c378b0850
SHA256: dedfa939975f23b0cbe11f37a2baa89e81709cab18b7e43c1de55d5c7856dd88
SHA512: ff17bb837b6a4403c48d60352a4769521496a614e90f622024db6706f6536c95264d175ee76fe6cb4ffe63096d8730d757932f90ae8bba14f1d6a8a518108bbb
SSDEEP: 49152:CbXIxk85iHYgb8A4TEO8+ajTj3eqCT6SQb:CMTjg4dEKQTj3XCT6S

Signatures

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger