General
Target: file.exe
Size: 1.8MB
Sample: 241002-nye3bsybnh
MD5: 0434dad7570a5f1c63d073caa96faeb7
SHA1: 4175730d18db94d87ff5f43e561b87f8cc0befdf
SHA256: ea80978610d6adc205715c9ec31c63488ccbdc52126a36d803d2f43915c5ebff
SHA512: cf7a76afa65a6fb8d8245c93c640173ae6a603a0c25724b5e68505111dcfef5ccc0a8bea3bcf8ead15407c50f330f7380909d310d61b37c2c09b5bf6fdb0bfe4
SSDEEP: 49152:UPelS6tbxOtbB27xeYf3kTj9YlkIuhnhw5:+0S6R5x/0HaluTi
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240903-en
Malware Config
Extracted family: stealc
doma: http://185.215.113.37
url_path: /e2b1563c6670f193.php
Targets
Target: file.exe (size and hashes as listed under General)
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger