General
Target: file.exe
Size: 1.7MB
Sample: 241002-zze99szgpd
MD5: 48d1da4a5abcc06e5b66eceb3358798b
SHA1: ef7f178c14b591875355ef9b0d4b0cb70f4160ac
SHA256: bbbf8e47190ac2362630096db0b05371e693bf298be7a8ec2a18179595521fec
SHA512: f2ab6369c3e01ce332a85a967d6aa7a04f9fa03786e7c93db403bd38f1a893c4e4fccdb1094657219e9650ec4bc7d64ec0794f872d198f85c61fc1e07fd6a02b
SSDEEP: 24576:8b4CErELvMBwEwWTt3ylNFzfYg72jaZxLDDf++iJH6/WctKaD5EKWqdCMUNAqCNz:7XGvLtl3pCj4xLDDf6s/WkFJ/g5
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240708-en
Malware Config
Extracted: stealc
doma: http://185.215.113.37
url_path: /e2b1563c6670f193.php
Targets
Target: file.exe
Size: 1.7MB
MD5: 48d1da4a5abcc06e5b66eceb3358798b
SHA1: ef7f178c14b591875355ef9b0d4b0cb70f4160ac
SHA256: bbbf8e47190ac2362630096db0b05371e693bf298be7a8ec2a18179595521fec
SHA512: f2ab6369c3e01ce332a85a967d6aa7a04f9fa03786e7c93db403bd38f1a893c4e4fccdb1094657219e9650ec4bc7d64ec0794f872d198f85c61fc1e07fd6a02b
SSDEEP: 24576:8b4CErELvMBwEwWTt3ylNFzfYg72jaZxLDDf++iJH6/WctKaD5EKWqdCMUNAqCNz:7XGvLtl3pCj4xLDDf6s/WkFJ/g5
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (4)
    Credentials In Files (4)