General
- Target: ebb1b01d61c7e3ac4578f7b7193bc2f0a70909195f5f311e2e49f4a9974ca9a8.exe
- Size: 1.7MB
- Sample: 241001-b991mavern
- MD5: ce91f864c65b0c93bc1c9a36521143f3
- SHA1: 11fbffa510fbaae9ca46862c1849c52af5fbd5fe
- SHA256: ebb1b01d61c7e3ac4578f7b7193bc2f0a70909195f5f311e2e49f4a9974ca9a8
- SHA512: 94b5411a1712428b0e412fcab9969cf7c3fb1f84754c403b2c833b158df8bee1af8680fa26706184a08a98cbe47c4ca9b6ce9d33693be54c49881b4f17ebed36
- SSDEEP: 49152:Z0ZwjxTvispNjFUk0d0wGgqg7Q3LrSAsOs1:2ylTF2qtrSA+1
Static task: static1
Behavioral task: behavioral1
- Sample: ebb1b01d61c7e3ac4578f7b7193bc2f0a70909195f5f311e2e49f4a9974ca9a8.exe
- Resource: win7-20240903-en
Malware Config
Extracted: stealc
- doma: http://185.215.113.37
- url_path: /e2b1563c6670f193.php
Targets
- Target: ebb1b01d61c7e3ac4578f7b7193bc2f0a70909195f5f311e2e49f4a9974ca9a8.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  The ThreadHideFromDebugger information class hides the calling thread from an attached debugger, a common anti-debugging technique.