General
- Target: file.exe
- Size: 1.7MB
- Sample: 241001-jjnzgasclh
- MD5: 5eb82808e74fc77120a8112f65825f29
- SHA1: 0b4a0d01260e24dc0ee8102e90b18a789eb4d4d0
- SHA256: ce98925133b7b1d5977a70f6f6fa9baec6148c30b549292ea825e8c4d431cc87
- SHA512: b026f1824880aeeb80a42c31c1a9cfbc24ffc95a8ed22b5b658fceb5ba1be804e21549bd5bd10489613492141b720f04b9ea4870e82ef9604b043b4af9adcb40
- SSDEEP: 24576:rV14f7HskN+1hXhNTxxZPIUTVKF47EhYYeHi+cV1UraamH2YVRYqu0i:rL4f7MkN+/xNTF1+dOi+sUuaq2fy

Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20240903-en

Malware Config
Extracted: stealc
- doma: http://185.215.113.37
- url_path: /e2b1563c6670f193.php
Targets
- Target: file.exe
- Size: 1.7MB
- MD5: 5eb82808e74fc77120a8112f65825f29
- SHA1: 0b4a0d01260e24dc0ee8102e90b18a789eb4d4d0
- SHA256: ce98925133b7b1d5977a70f6f6fa9baec6148c30b549292ea825e8c4d431cc87
- SHA512: b026f1824880aeeb80a42c31c1a9cfbc24ffc95a8ed22b5b658fceb5ba1be804e21549bd5bd10489613492141b720f04b9ea4870e82ef9604b043b4af9adcb40
- SSDEEP: 24576:rV14f7HskN+1hXhNTxxZPIUTVKF47EhYYeHi+cV1UraamH2YVRYqu0i:rL4f7MkN+/xNTF1+dOi+sUuaq2fy

Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger