General
- Target: 16302289d512b8fbc68c2ef8eb4d3bcebdc7f5bf353785390a14d4c5dfbee672.exe
- Size: 1.8MB
- Sample: 241001-gf8tcsxfke
- MD5: dc92ce1751a7abfe2c6232ae8fcdd321
- SHA1: dccd40639ea30f104ff1daf9d51f6f8e76efc2ed
- SHA256: 16302289d512b8fbc68c2ef8eb4d3bcebdc7f5bf353785390a14d4c5dfbee672
- SHA512: 4e810d9b0f7ee05e66c6fc96274c46595175012713981790660fe39aaae5837655a8c24629ef50b3e45112ed5a3bd8e1a4dbb02ab46d5e174a1f9b87291266a1
- SSDEEP: 49152:ERIK1zz0HB7M1Wi8F+bNs3AwEMA89qTXa9VN+uL:o3z0M1t8F4UAwEMRqTXKC0
Static task: static1
Behavioral task: behavioral1
- Sample: 16302289d512b8fbc68c2ef8eb4d3bcebdc7f5bf353785390a14d4c5dfbee672.exe
- Resource: win7-20240903-en
Malware Config
Extracted: stealc
- domain: http://185.215.113.37
- url_path: /e2b1563c6670f193.php
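The two extracted fields together identify the Stealc gate this sample beacons to, which makes them directly usable as a network indicator. The following is an added example (not part of the sandbox report) that joins the fields into the full C2 URL and hunts a proxy log for it; the log lines and their `<epoch> <client> <method> <url> <status>` layout are constructed for the demonstration, and the matcher deliberately compares hostname and path only, so a request logged with an explicit `:80` port or a different scheme is not missed.

```python
"""Hunt proxy/HTTP logs for the Stealc C2 endpoint extracted by the sandbox."""
from urllib.parse import urlsplit

# Extracted config from the report above.
C2_DOMAIN = "http://185.215.113.37"
C2_URL_PATH = "/e2b1563c6670f193.php"


def c2_url(domain: str = C2_DOMAIN, url_path: str = C2_URL_PATH) -> str:
    """Join the 'domain' and 'url_path' config fields into one endpoint URL."""
    return domain.rstrip("/") + "/" + url_path.lstrip("/")


def classify(url: str, domain: str = C2_DOMAIN, url_path: str = C2_URL_PATH) -> str:
    """Return 'c2' for an exact gate hit, 'host' for other traffic to the same
    server, or '' for unrelated URLs. Hostname comparison ignores scheme and
    port, so http://host:80/... still matches."""
    req, c2 = urlsplit(url), urlsplit(domain)
    if req.hostname != c2.hostname:
        return ""
    return "c2" if req.path == url_path else "host"


# Constructed sample log (not from the report). Assumed format:
# "<epoch> <client> <method> <url> <status>", one request per line.
SAMPLE_LOG = """\
1727769600 10.0.0.15 GET http://example.com/index.html 200
1727769612 10.0.0.15 POST http://185.215.113.37/e2b1563c6670f193.php 200
1727769613 10.0.0.15 POST http://185.215.113.37:80/e2b1563c6670f193.php 200
1727769620 10.0.0.23 GET http://185.215.113.37/favicon.ico 404
1727769630 10.0.0.15 GET http://185.215.113.38/e2b1563c6670f193.php 200
"""


def hunt(log_text: str):
    """Return (c2_hits, host_only_hits) as lists of (client, method, url)."""
    c2_hits, host_only = [], []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # skip blank or malformed lines
        _ts, client, method, url, _status = parts[:5]
        kind = classify(url)
        if kind == "c2":
            c2_hits.append((client, method, url))
        elif kind == "host":
            host_only.append((client, method, url))
    return c2_hits, host_only


if __name__ == "__main__":
    hits, host_only = hunt(SAMPLE_LOG)
    print("C2 endpoint:", c2_url())
    for client, method, url in hits:
        print("C2 beacon:", client, method, url)
    for client, method, url in host_only:
        print("same host, other path:", client, method, url)
```

Traffic to the same IP with a different path is reported separately rather than dropped: a stealer panel commonly serves more than one gate, so a host-level match is still worth a look even when the path differs from the one this sample was configured with.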
Targets
- Target: 16302289d512b8fbc68c2ef8eb4d3bcebdc7f5bf353785390a14d4c5dfbee672.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  On a VirtualBox guest the ACPI table keys under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT) carry the VBOX__ OEM identifier, which the sample looks for.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events to an attached debugger, a common anti-debugging technique.
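The four signatures above are all derived from individual API calls the sandbox observed. As an added example (not the sandbox's own detection code), the script below shows how such a trace is mapped onto those signature names: the trace lines are constructed, their `<api> <arg1> <arg2> ...` layout is assumed, and the registry paths and the ThreadHideFromDebugger class value (0x11) are the well-known artifacts these checks look for rather than anything the report itself lists.

```python
"""Map a Windows API trace onto the anti-analysis signatures listed above."""
import re
from collections import defaultdict
from typing import List, Optional

# THREADINFOCLASS value for ThreadHideFromDebugger in the NT API.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry artifacts the signatures look for (assumed key set). VirtualBox guests
# expose the VBOX__ OEM ID in the ACPI table keys; BIOS strings live under
# HARDWARE\DESCRIPTION\System; Wine creates Software\Wine under HKCU and HKLM.
VBOX_ACPI_RE = re.compile(r"\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
BIOS_KEY_RE = re.compile(r"\\HARDWARE\\DESCRIPTION\\System$", re.I)
BIOS_VALUES = {"systembiosversion", "videobiosversion", "systembiosdate"}
WINE_KEY_RE = re.compile(r"\\Software\\Wine\b", re.I)

SIG_VBOX = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_BIOS = "Checks BIOS information in registry"
SIG_WINE = "Identifies Wine through registry keys"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# Constructed trace (not from the report): one call per line, "<api> <args...>".
SAMPLE_TRACE = r"""
RegOpenKeyExW HKLM\HARDWARE\ACPI\DSDT\VBOX__
RegOpenKeyExW HKLM\HARDWARE\ACPI\FADT\VBOX__
RegOpenKeyExW HKLM\HARDWARE\DESCRIPTION\System
RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System SystemBiosVersion
RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System VideoBiosVersion
RegOpenKeyExW HKCU\Software\Wine
RegOpenKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NtSetInformationThread 0xfffffffe 0x11 0x0 0x0
CreateFileW C:\Users\Admin\AppData\Local\Temp\out.tmp
"""


def match_call(api: str, args: List[str]) -> Optional[str]:
    """Return the signature name a single traced call triggers, or None."""
    if api.startswith("Reg") and args:
        key = args[0]
        if VBOX_ACPI_RE.search(key):
            return SIG_VBOX
        if WINE_KEY_RE.search(key):
            return SIG_WINE
        # Only an actual read of a BIOS string counts, not merely opening the key.
        if (api.startswith("RegQueryValueEx") and len(args) > 1
                and BIOS_KEY_RE.search(key) and args[1].lower() in BIOS_VALUES):
            return SIG_BIOS
    if api == "NtSetInformationThread" and len(args) > 1:
        try:
            if int(args[1], 16) == THREAD_HIDE_FROM_DEBUGGER:
                return SIG_HIDE
        except ValueError:
            pass  # non-numeric second argument: not a class we recognise
    return None


def classify_trace(trace_text: str) -> dict:
    """Return {signature: [evidence lines]} for every signature the trace fires."""
    fired = defaultdict(list)
    for line in trace_text.splitlines():
        parts = line.split()
        if not parts:
            continue
        sig = match_call(parts[0], parts[1:])
        if sig:
            fired[sig].append(line)
    return dict(fired)


if __name__ == "__main__":
    for sig, lines in classify_trace(SAMPLE_TRACE).items():
        print(sig)
        for evidence in lines:
            print("   ", evidence)
```

Opening HKLM\HARDWARE\DESCRIPTION\System alone does not fire the BIOS signature; only a value read of one of the BIOS strings does, which keeps benign software that merely enumerates that key from being flagged. Real traces may carry registry paths with spaces, so a production parser would need a delimiter other than whitespace.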