General
Target: 86db7dfb31cc072f944c5eb7c722e55ec5f832e39b22ff6c77d06f0fbf222720.exe
Size: 1.7MB
Sample: 241001-hfpk6awapr
MD5: 6b618b13d3618f8771f4b25628cecfaf
SHA1: bd9c69483af8ad3551127d3d2acba69269e78eac
SHA256: 86db7dfb31cc072f944c5eb7c722e55ec5f832e39b22ff6c77d06f0fbf222720
SHA512: df84395abe5460df82a6677693beeac52fdc2209086c299ba54049783db0e65000b22cabac05a268b2d9d739e20e2a31391a706c2cb34f5e60a1923094e0e4ed
SSDEEP: 24576:+uLvAVKtiuMmOjNxav/o4vtdiowFsaPlzoKy3d7RJo2YzBAjpdKZc6hWyl7PgS19:MKtE0+sa9zTu7RrYVqKmLmPg
Static task: static1
Behavioral task: behavioral1
Sample: 86db7dfb31cc072f944c5eb7c722e55ec5f832e39b22ff6c77d06f0fbf222720.exe
Resource: win7-20240708-en
Malware Config
Extracted: stealc
doma: http://185.215.113.37
url_path: /e2b1563c6670f193.php
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger