General
-
Target
file.exe
-
Size
1.8MB
-
Sample
241002-wrfpaazcpl
-
MD5
0cc0dde30340df0d15b6303992299609
-
SHA1
046d9df9f62b9931dc762f8c6d80a63497341b82
-
SHA256
9f768bfae787aeed4ca09a7f95ea6d503338f8f1ed021fd9267e8c5c2560da56
-
SHA512
d977c031e3c5f11485344a86532196569ef5dcafd20e0f1c8fd87c743ee14cd4a4a7b35d6e747ffcf344c99f5a9d09158ea3222a03d9d7c49415cc57db71787f
-
SSDEEP
24576:cTbqtyUU5NxasZl6JNCtc31xCrY3huWYpTwaXUlYU4mU6KN58/9nRIM0Uycajbmc:mqcx91UxP37eJUlpKe9nRHzIjbmtR8
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
doma
http://185.215.113.37
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
file.exe
-
Size
1.8MB
-
MD5
0cc0dde30340df0d15b6303992299609
-
SHA1
046d9df9f62b9931dc762f8c6d80a63497341b82
-
SHA256
9f768bfae787aeed4ca09a7f95ea6d503338f8f1ed021fd9267e8c5c2560da56
-
SHA512
d977c031e3c5f11485344a86532196569ef5dcafd20e0f1c8fd87c743ee14cd4a4a7b35d6e747ffcf344c99f5a9d09158ea3222a03d9d7c49415cc57db71787f
-
SSDEEP
24576:cTbqtyUU5NxasZl6JNCtc31xCrY3huWYpTwaXUlYU4mU6KN58/9nRIM0Uycajbmc:mqcx91UxP37eJUlpKe9nRHzIjbmtR8
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-