General
-
Target
00f85df4b3b992ef1030c3b26626c3bd961f66eabfc26b9c49d52953415d288b.exe
-
Size
1.8MB
-
Sample
241003-bc1qpawdjk
-
MD5
2252ee92f584848eac43445204fec9a4
-
SHA1
411ee89cbdcd58f985efce1c042d851b391c5643
-
SHA256
00f85df4b3b992ef1030c3b26626c3bd961f66eabfc26b9c49d52953415d288b
-
SHA512
b3da7770e51cf346c7492dd56ea0852b4002e801097a58d90c5b26adfc35fb814571c723e15495821af7470ce3febb8bf219bd4b7e7060448139b62e3c58d5ed
-
SSDEEP
24576:eXhk2UMJ30ZhbqaZulyAdmKTgBfRWAAbd1GYhqUb7Y8PuHCZVJd2RDWHYhU3Bt2b:eXKXm0X1GmvHrAZQjiZV2pW4hw69ci
Static task
static1
Behavioral task
behavioral1
Sample
00f85df4b3b992ef1030c3b26626c3bd961f66eabfc26b9c49d52953415d288b.exe
Resource
win7-20240708-en
Malware Config
Extracted
stealc
doma
http://185.215.113.37
-
url_path
/e2b1563c6670f193.php
Targets
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-