General
-
Target
file.exe
-
Size
1.7MB
-
Sample
241002-ta2t3syapg
-
MD5
ee7da1cb43d37f296cc5c5915dbbfdcb
-
SHA1
368daff2e29e2b86579f1df6d61e9d444f3b0e3c
-
SHA256
a01200a5fdda2e012ca18c8971dafe8097c371beebdbbcd94a4c75590857d303
-
SHA512
2dbfb38878b0b5140d741c1114447c2c502657ff6c8f4d5bf2cc9dd1632d1167fc6842b3aa0031cd09df730aed44f21ac2582dc2692166ead091e8b1e05fc733
-
SSDEEP
24576:we/g4RWt3gg1MoemWCChH9SBW7tInwrqxABExIojVXlrBALiU0J7trPzBLRlB8be:hWt35ioiUB8aBgENlrntRRoIrYXl
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
doma
http://185.215.113.37
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
file.exe
-
Size
1.7MB
-
MD5
ee7da1cb43d37f296cc5c5915dbbfdcb
-
SHA1
368daff2e29e2b86579f1df6d61e9d444f3b0e3c
-
SHA256
a01200a5fdda2e012ca18c8971dafe8097c371beebdbbcd94a4c75590857d303
-
SHA512
2dbfb38878b0b5140d741c1114447c2c502657ff6c8f4d5bf2cc9dd1632d1167fc6842b3aa0031cd09df730aed44f21ac2582dc2692166ead091e8b1e05fc733
-
SSDEEP
24576:we/g4RWt3gg1MoemWCChH9SBW7tInwrqxABExIojVXlrBALiU0J7trPzBLRlB8be:hWt35ioiUB8aBgENlrntRRoIrYXl
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
4