General
-
Target
file.exe
-
Size
1.8MB
-
Sample
241001-tlr41sybkp
-
MD5
d77353cbaa10bf7fcd96c007ff5f18c2
-
SHA1
5b4b911709a472d69938c93feff8c629b620b038
-
SHA256
42db72d6b807b26c29714f59e923ec09468e21d863005949bcba35ca7c970b20
-
SHA512
07add8f95182ab5f67d2bfaaec41990291a6b62c8d934b2d3338a399593e7aa0e6e76eee2fbc82698b62fa037b670abb7765974d54e465d28d5b1a3ec99c790e
-
SSDEEP
49152:I34zGaaZcPWkMUm7IPTc5OmAEx7ng0XOKDcr/H:NzFWUWkMUm7YwDMKDcLH
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
doma
http://185.215.113.37
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
file.exe
-
Size
1.8MB
-
MD5
d77353cbaa10bf7fcd96c007ff5f18c2
-
SHA1
5b4b911709a472d69938c93feff8c629b620b038
-
SHA256
42db72d6b807b26c29714f59e923ec09468e21d863005949bcba35ca7c970b20
-
SHA512
07add8f95182ab5f67d2bfaaec41990291a6b62c8d934b2d3338a399593e7aa0e6e76eee2fbc82698b62fa037b670abb7765974d54e465d28d5b1a3ec99c790e
-
SSDEEP
49152:I34zGaaZcPWkMUm7IPTc5OmAEx7ng0XOKDcr/H:NzFWUWkMUm7YwDMKDcLH
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-