General
- Target: 004cb0e8c07cc1b3f0613d1148d353c359ceffb8e2b27da445ed0eb11456b282.exe
- Size: 1.8MB
- Sample: 241003-bcxc9szdlf
- MD5: 44397c793b2976c5571c32b11842e395
- SHA1: d268ccdfb8eceb1f3ed0ccbb05f31b759528c0b7
- SHA256: 004cb0e8c07cc1b3f0613d1148d353c359ceffb8e2b27da445ed0eb11456b282
- SHA512: b0f8eacb7045a7a79a1fcc17f1d181b6e3a17ad06fd5097920e6707a806c9f6fb70aa5397e7e2309b6a7f80593102fb34a54583adc5397d583b1612f67216829
- SSDEEP: 49152:OI0xvJVaKkL19qw8z+BDF0fV/HEkWa5ZWk:OIEMqw8iDFUfEkRZ/

Static task: static1

Behavioral task: behavioral1
- Sample: 004cb0e8c07cc1b3f0613d1148d353c359ceffb8e2b27da445ed0eb11456b282.exe
- Resource: win7-20240708-en

Malware Config
Extracted: stealc
- doma: http://185.215.113.37
- url_path: /e2b1563c6670f193.php
Targets
- Target: 004cb0e8c07cc1b3f0613d1148d353c359ceffb8e2b27da445ed0eb11456b282.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger