General
-
Target
aee2b970844215df21fc34b4a81c2faeb4ffdc0f0b6f71870833ce8cccdf9393.exe
-
Size
1.8MB
-
Sample
241001-qdtfbs1cpn
-
MD5
9bc6892c4e3d73e9fbc8c8764fb3822e
-
SHA1
9129506ff676c2b620081fb13bc6497f3cbfaf44
-
SHA256
aee2b970844215df21fc34b4a81c2faeb4ffdc0f0b6f71870833ce8cccdf9393
-
SHA512
feed0c3dad9546f938215b510496a372f969dc0e24c3ba7256e894401bd9513c9d74f7733e4ced0068ff700c2b130ae9e6c69573524b2453f046bdefa9913f49
-
SSDEEP
49152:G0UGzZejFUfrOkUOM4evlM9HwZmej2eTX/h6Q:GvGyCfH1MROHmTj2IX/hT
Static task
static1
Behavioral task
behavioral1
Sample
aee2b970844215df21fc34b4a81c2faeb4ffdc0f0b6f71870833ce8cccdf9393.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
doma
http://185.215.113.37
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
aee2b970844215df21fc34b4a81c2faeb4ffdc0f0b6f71870833ce8cccdf9393.exe
-
Size
1.8MB
-
MD5
9bc6892c4e3d73e9fbc8c8764fb3822e
-
SHA1
9129506ff676c2b620081fb13bc6497f3cbfaf44
-
SHA256
aee2b970844215df21fc34b4a81c2faeb4ffdc0f0b6f71870833ce8cccdf9393
-
SHA512
feed0c3dad9546f938215b510496a372f969dc0e24c3ba7256e894401bd9513c9d74f7733e4ced0068ff700c2b130ae9e6c69573524b2453f046bdefa9913f49
-
SSDEEP
49152:G0UGzZejFUfrOkUOM4evlM9HwZmej2eTX/h6Q:GvGyCfH1MROHmTj2IX/hT
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-