General
-
Target
file.exe
-
Size
1.8MB
-
Sample
241001-fkn43swarc
-
MD5
e12dff26d257800a0f411dda1fdb521f
-
SHA1
ed660b5a175dce979ca5e77f13d2e89b2c8aaadc
-
SHA256
e082f507be5674e4813a6f32759c2551bfedea8e298082cab225b787b6e89d60
-
SHA512
4771f88f9f2a7fa1a165866c1782564d141d8030ff3110cc5d002f8d0ddf2a5e85d66eabca99d10383cff02e0e4b465b9f896d89b27b2e3e6a767cb1d897728b
-
SSDEEP
24576:RkRhl9USnloGAklNG66X57K/zlRvKxh6k3aVa12FDhvH55NQ7DrG3Mp5C2GS2:SbKGBnGpNcbchsIg5hvZ5NEi8p5+
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
doma
http://185.215.113.37
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
file.exe
-
Size
1.8MB
-
MD5
e12dff26d257800a0f411dda1fdb521f
-
SHA1
ed660b5a175dce979ca5e77f13d2e89b2c8aaadc
-
SHA256
e082f507be5674e4813a6f32759c2551bfedea8e298082cab225b787b6e89d60
-
SHA512
4771f88f9f2a7fa1a165866c1782564d141d8030ff3110cc5d002f8d0ddf2a5e85d66eabca99d10383cff02e0e4b465b9f896d89b27b2e3e6a767cb1d897728b
-
SSDEEP
24576:RkRhl9USnloGAklNG66X57K/zlRvKxh6k3aVa12FDhvH55NQ7DrG3Mp5C2GS2:SbKGBnGpNcbchsIg5hvZ5NEi8p5+
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-