General
- Target: file.exe
- Size: 1.8MB
- Sample: 241002-r7kkyssblm
- MD5: 3807c2ee10a7bd2fa7898ab413081768
- SHA1: c103b8bb690e559a32de9b1632711cf385970939
- SHA256: c316a5deb9e9a5314e503543831cec7f1987c935ba301d214ad438ab436d8476
- SHA512: 254c38b29d5103088f77f2d1b0bb49500e2aafbdf9df18d4c8f6226461a20a3b7df026417f0c657b6822378ffd6e9cf610ed91b5841046c9aecda02c644521b0
- SSDEEP: 49152:yEpsrW7PkOJF9LmXQskI4FWSn91dwZZYS:yEtg0F9SXOIoXdpS
Static task: static1

Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20240708-en

Malware Config
Extracted family: stealc
- doma: http://185.215.113.37
- url_path: /e2b1563c6670f193.php
Targets
- Target: file.exe
- Size: 1.8MB
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger