General
Target: e76398664ad0980f6f421cc626b673eeb013c7431e160497ddd2f39a9f0890e4.exe
Size: 1.8MB
Sample: 241001-jpjxpsycmq
MD5: 2736d2c2b154fb7ae5262f2939a7e071
SHA1: 240dbcee82fb3424b956e2769e3e4d9517a60298
SHA256: e76398664ad0980f6f421cc626b673eeb013c7431e160497ddd2f39a9f0890e4
SHA512: a236b8f441719c5e591c8aa47d1a10e5d948cf5748a0b4650fb67ceb68b7d86951703304141e2f52ee4239fbe22a22ce92d175d4aa1c5ddc776c8636f09055c4
SSDEEP: 49152:9M2vh2CZKqky4eoy6TMS9BDOAOLpDSQQYl:9vKHy4Jy+BHDQpDFQY
Static task: static1
Behavioral task: behavioral1
Sample: e76398664ad0980f6f421cc626b673eeb013c7431e160497ddd2f39a9f0890e4.exe
Resource: win7-20240903-en
Malware Config
Extracted: stealc
doma: http://185.215.113.37
url_path: /e2b1563c6670f193.php
Targets
Target: e76398664ad0980f6f421cc626b673eeb013c7431e160497ddd2f39a9f0890e4.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger