General
- Target: file.exe
- Size: 1.8MB
- Sample: 241001-y1j46sscpa
- MD5: 7c170238c3fdf496e5420134b8f2c1e6
- SHA1: 45c78f3c1f17a5cb39fe957ee144b69c6fc81211
- SHA256: 33cbd0e0fa5ac49cb28c3f095077c7b82cc6127d78a0024eff5e5d9f3fc12029
- SHA512: af3366534e37f3aab1823a121fe88f2176c1ea64c7f940de4063a69551a118629f7832f7171cf4f88e076c6d6a04d9d5a96aa3493f447d54d961cec420491fac
- SSDEEP: 49152:KZJAJB41PcUGRVoEDXVfi60LGv6zk565Po:CAQhcUGUEDXVfauT4P
Static task
- static1
Behavioral task
- behavioral1
- Sample: file.exe
- Resource: win7-20240903-en
Malware Config
Extracted
- Family: stealc
- doma: http://185.215.113.37
- url_path: /e2b1563c6670f193.php
Targets
- Target: file.exe
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger