General
-
Target
c978352670126322d013cb1afb3b8ce7bfcc1f0a39765f5dead460dc7f608717.exe
-
Size
1.8MB
-
Sample
241001-jgzyysxhqj
-
MD5
f74ed5926c551ea89e49d964e729e736
-
SHA1
115d45e11d815a3773f95b401ac64711c3a3e99c
-
SHA256
c978352670126322d013cb1afb3b8ce7bfcc1f0a39765f5dead460dc7f608717
-
SHA512
b917148554b232eec9fce319791e87b4fd7630ea9b16db4b899bafb7406ac516c1418dda0f5286be1c9cd86acd516a405dda8c85b9cccab59e1a17dac46750df
-
SSDEEP
49152:zzgWOqtxDQL+/nn70NnCtVb1trDTeuxsnb:4WOq7U6nIGbzrDU
Static task
static1
Behavioral task
behavioral1
Sample
c978352670126322d013cb1afb3b8ce7bfcc1f0a39765f5dead460dc7f608717.exe
Resource
win7-20240704-en
Malware Config
Extracted
stealc
doma
http://185.215.113.37
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
c978352670126322d013cb1afb3b8ce7bfcc1f0a39765f5dead460dc7f608717.exe
-
Size
1.8MB
-
MD5
f74ed5926c551ea89e49d964e729e736
-
SHA1
115d45e11d815a3773f95b401ac64711c3a3e99c
-
SHA256
c978352670126322d013cb1afb3b8ce7bfcc1f0a39765f5dead460dc7f608717
-
SHA512
b917148554b232eec9fce319791e87b4fd7630ea9b16db4b899bafb7406ac516c1418dda0f5286be1c9cd86acd516a405dda8c85b9cccab59e1a17dac46750df
-
SSDEEP
49152:zzgWOqtxDQL+/nn70NnCtVb1trDTeuxsnb:4WOq7U6nIGbzrDU
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-