General
Target: file.exe
Size: 1.7MB
Sample: 241002-vb858azhkf
MD5: 9267e551326d9f70ca969543647f060b
SHA1: 19a3f3bff029fb895b5d256d6d6a4cce1e5d8a85
SHA256: 4ffb89ed6560f1f1e8c683cd4451982c9588cf8ac2846f652ba88e611dc639bd
SHA512: f90265f584d3ba3c0974d8c8a0968085a4716c8ca8251b858e33de0abfdba5acb37b0ffca3ff2c44fce1150b58eac1ed688a2d731bd84fd850785ea5424afb2d
SSDEEP: 49152:OLXUAVXAcRNdrKXz/yDqffgb8sa0pQspR+MFVJYWz:UXFduXzI/ndQspRDFx

Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240903-en
Malware Config
Extracted
Family: stealc
doma: http://185.215.113.37
url_path: /e2b1563c6670f193.php
The C2 is a bare IPv4 address rather than a hostname, so DNS-based blocking or sinkholing will not see this traffic; the IP and the gate path are the indicators to match at the proxy or firewall.
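To turn the extracted config into something that can be checked against proxy telemetry, the following added example (written for this page, not the sandbox's or the malware's code) builds the C2 endpoint from the report's host and url_path and scans constructed web-proxy log lines for contact with it. The log lines and the client addresses are made up for illustration; only the C2 host and path come from the report. It also flags any request to the C2 host on a different path, since the gate path is the part an operator can change most easily.

```python
"""Match web-proxy log lines against the Stealc C2 extracted in the report.

Added example, not part of the sandbox report. The log lines are constructed;
the only real indicators are the C2 host and url_path from the Malware Config.
"""
from __future__ import annotations

from urllib.parse import urlsplit

# Indicators taken from the report's extracted config.
C2_HOST = "http://185.215.113.37"
C2_URL_PATH = "/e2b1563c6670f193.php"


def build_c2_url(host: str = C2_HOST, path: str = C2_URL_PATH) -> str:
    """Join host and url_path into one endpoint without a doubled slash."""
    return host.rstrip("/") + "/" + path.lstrip("/")


def normalize(url: str) -> tuple[str, str]:
    """Reduce a URL to (host, path) so that scheme, an explicit :80 port,
    a trailing query string or mixed-case host do not defeat the match."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    return host, path


def classify(url: str) -> str | None:
    """'endpoint' for a hit on the exact gate URL, 'host' for any other
    request to the C2 address, None for unrelated traffic."""
    host, path = normalize(url)
    c2_host, c2_path = normalize(build_c2_url())
    if host != c2_host:
        return None
    return "endpoint" if path == c2_path else "host"


# Constructed proxy log lines: "<timestamp> <client> <method> <url> <status>".
SAMPLE_LOG = [
    "1727875201.123 10.0.0.5 POST http://185.215.113.37/e2b1563c6670f193.php 200",
    "1727875202.456 10.0.0.5 GET http://example.com/index.html 200",
    "1727875203.789 10.0.0.7 POST http://185.215.113.37:80/e2b1563c6670f193.php?x=1 200",
    "1727875204.000 10.0.0.9 GET http://185.215.113.37/other.php 404",
    "malformed line",
]


def scan_proxy_log(lines: list[str]) -> list[tuple[str, str, str]]:
    """Return (client, url, kind) for every request that reached the C2."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines instead of crashing the scan
        _ts, client, _method, url, _status = fields[:5]
        kind = classify(url)
        if kind is not None:
            hits.append((client, url, kind))
    return hits


if __name__ == "__main__":
    for client, url, kind in scan_proxy_log(SAMPLE_LOG):
        print(f"{kind:8} {client} -> {url}")
```

The normalisation step matters in practice: proxies log the port, query strings and sometimes the raw Host header, and a naive string compare against the config value would miss the second and fourth lines above.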
Targets
Target: file.exe
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM). VirtualBox guests expose the hypervisor's ACPI table OEM ID under HKLM\HARDWARE\ACPI (for example a VBOX__ subkey below DSDT), which any process can read without special privileges.
- Checks BIOS information in registry. BIOS information (values under HKLM\HARDWARE\DESCRIPTION\System such as SystemBiosVersion) is often read in order to detect sandboxing environments, because hypervisors and sandboxes report vendor-specific strings there.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications on other operating systems and is sometimes used as a sandboxing environment; its presence is visible through the Software\Wine key under HKCU or HKLM.
- Suspicious use of NtSetInformationThreadHideFromDebugger. The sample calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), after which the thread no longer delivers debug events to an attached debugger; this is a common anti-debugging technique.
All four signatures are anti-analysis checks rather than stealer behaviour. A run that fails them may exit before doing anything else, so the absence of further behavioural signatures in this report should not be read as the sample being benign.
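The four signatures above all key on specific host artefacts. The following added example (written for this page; it is neither the sandbox's signature code nor the sample's own logic) shows both sides of that: which of the report's signatures would fire on a constructed API trace, and which of the underlying checks would succeed against a constructed registry snapshot of a VirtualBox guest versus a physical host. The registry paths, the VM vendor strings and the ThreadHideFromDebugger class value (0x11) are the commonly documented artefacts these checks rely on; the report does not list the exact keys this sample reads, and the trace format is invented for the example.

```python
"""Evaluate the report's four anti-analysis signatures offline.

Added example, not taken from the report or the sandbox. Trace lines and
registry snapshots are constructed; registry paths and the 0x11 class value
are well-known anti-VM / anti-debug artefacts, not values from the report.
"""
from __future__ import annotations

import re

# Registry artefacts the checks look for (assumed, well known; not from the report).
VBOX_ACPI_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)
BIOS_VALUES = (
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
)
WINE_KEYS = (r"HKCU\Software\Wine", r"HKLM\Software\Wine")
VM_BIOS_MARKERS = ("vbox", "virtualbox", "vmware", "qemu", "bochs", "xen", "innotek")
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger

SIG_VBOX = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_BIOS = "Checks BIOS information in registry"
SIG_WINE = "Identifies Wine through registry keys"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# Invented trace syntax: "Api(Arg=value, ...)" one call per line.
REG_CALL_RE = re.compile(r"^(?:RegOpenKeyEx[AW]|RegQueryValueEx[AW])\(.*?Path=([^,)]+)")
NTSIT_RE = re.compile(r"^NtSetInformationThread\(.*?ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)")


def _norm(path: str) -> str:
    """Canonical lower-case form with short hive names, for prefix matching."""
    return (path.strip().replace("HKEY_LOCAL_MACHINE", "HKLM")
            .replace("HKEY_CURRENT_USER", "HKCU").lower())


def _touches(path: str, targets: tuple[str, ...]) -> bool:
    p = _norm(path)
    return any(p.startswith(_norm(t)) for t in targets)


def signatures_fired(trace: list[str]) -> set[str]:
    """Sandbox view: which of the report's signatures the trace would trigger."""
    fired: set[str] = set()
    for line in trace:
        m = REG_CALL_RE.match(line)
        if m:
            path = m.group(1)
            if _touches(path, VBOX_ACPI_KEYS):
                fired.add(SIG_VBOX)
            if _touches(path, BIOS_VALUES):
                fired.add(SIG_BIOS)
            if _touches(path, WINE_KEYS):
                fired.add(SIG_WINE)
            continue
        m = NTSIT_RE.match(line)
        # int(..., 0) accepts both "0x11" and "17".
        if m and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
            fired.add(SIG_HIDE)
    return fired


def host_would_be_detected(registry: dict[str, str | None]) -> dict[str, bool]:
    """Malware view: given a host's registry values (None = key absent),
    which checks would conclude it is running inside a VM or sandbox."""
    reg = {_norm(k): v for k, v in registry.items()}
    bios_text = " ".join(reg.get(_norm(v)) or "" for v in BIOS_VALUES).lower()
    return {
        "vbox_acpi": any(reg.get(_norm(k)) is not None for k in VBOX_ACPI_KEYS),
        "bios_vm_marker": any(marker in bios_text for marker in VM_BIOS_MARKERS),
        "wine": any(reg.get(_norm(k)) is not None for k in WINE_KEYS),
    }


# Constructed API trace resembling what produced the four signatures.
SAMPLE_TRACE = [
    r"RegOpenKeyExW(Path=HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__, Access=KEY_READ)",
    r"RegQueryValueExW(Path=HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion)",
    r"RegOpenKeyExW(Path=HKEY_CURRENT_USER\Software\Wine, Access=KEY_READ)",
    r"NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, Length=0)",
    r"NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x2, Length=4)",
]

# Constructed registry snapshots: an unmodified VirtualBox guest and a laptop.
VBOX_GUEST_REGISTRY = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": "",
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion": "VBOX   - 1",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion": "Oracle VM VirtualBox Version 7.0",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer": "innotek GmbH",
    r"HKCU\Software\Wine": None,
}
PHYSICAL_HOST_REGISTRY = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": None,
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion": "LENOVO - 1430",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion": "VGA BIOS",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer": "LENOVO",
    r"HKCU\Software\Wine": None,
}

if __name__ == "__main__":
    for sig in sorted(signatures_fired(SAMPLE_TRACE)):
        print("fired:", sig)
    print("vbox guest:", host_would_be_detected(VBOX_GUEST_REGISTRY))
    print("physical  :", host_would_be_detected(PHYSICAL_HOST_REGISTRY))
```

The second function is the useful one when hardening an analysis VM: every key it reports True for is an artefact the sample can use to bail out, and removing or renaming those values (or hooking the reads) is what lets the run proceed past the checks. Note that the BIOS signature fires on the read alone, regardless of what the value contains.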