General
-
Target
9f9a3faf3d4f8b3c0c6d3719024c457f34fda2cdc2395d82a2a193aac8daea18.exe
-
Size
1.8MB
-
Sample
241001-pceecaydnr
-
MD5
3f50351804845b52e987973a2ac7de60
-
SHA1
3c88186ad4300707fb440d013c7cbef8b3491449
-
SHA256
9f9a3faf3d4f8b3c0c6d3719024c457f34fda2cdc2395d82a2a193aac8daea18
-
SHA512
2f7188270adff3ba16c977f78ceaed2cb6569481a9006b83b86595b9289affa9240490affe0bbcc52acd7461d2e3071e112789a9d4d706ced82f7015d22bccd4
-
SSDEEP
24576:9fQbNhb2tYqqG5L8SPnIXdKpKNUHX/w43zrsStS9zxixYuZKE5i4VXNRZSNsTF+f:ybNBs5L8SvI0Xo43FwzxmdrVcba5CpJ
Static task
static1
Behavioral task
behavioral1
Sample
9f9a3faf3d4f8b3c0c6d3719024c457f34fda2cdc2395d82a2a193aac8daea18.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
doma
http://185.215.113.37
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
9f9a3faf3d4f8b3c0c6d3719024c457f34fda2cdc2395d82a2a193aac8daea18.exe
-
Size
1.8MB
-
MD5
3f50351804845b52e987973a2ac7de60
-
SHA1
3c88186ad4300707fb440d013c7cbef8b3491449
-
SHA256
9f9a3faf3d4f8b3c0c6d3719024c457f34fda2cdc2395d82a2a193aac8daea18
-
SHA512
2f7188270adff3ba16c977f78ceaed2cb6569481a9006b83b86595b9289affa9240490affe0bbcc52acd7461d2e3071e112789a9d4d706ced82f7015d22bccd4
-
SSDEEP
24576:9fQbNhb2tYqqG5L8SPnIXdKpKNUHX/w43zrsStS9zxixYuZKE5i4VXNRZSNsTF+f:ybNBs5L8SvI0Xo43FwzxmdrVcba5CpJ
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-