General
Target: 66c42102f52f5603a80f093bc8e328ba81aea31d2db414a80947736f68dd3d65.exe
Size: 1.7MB
Sample: 241003-byqslsxfnk
MD5: a3353614cad88624dbedc88966d5bcdd
SHA1: e14baf1143209efbeda79a5ad406da88138b9edf
SHA256: 66c42102f52f5603a80f093bc8e328ba81aea31d2db414a80947736f68dd3d65
SHA512: 82b0c13314250625b2d1f3d9ae946cff774b42dc85f3b0b064fd2d00c4e70fee9226519e2542f3b11b38265ce64f04746a3859cb097d76da5ac39d0e294b6a0a
SSDEEP: 49152:olO26MxC0iYWqSZBl+iuAZ+wVROkk7ZK:oSn0iY/SRT+wvZaZ
Static task: static1
Behavioral task: behavioral1
Sample: 66c42102f52f5603a80f093bc8e328ba81aea31d2db414a80947736f68dd3d65.exe
Resource: win7-20240903-en

Malware Config
Extracted: stealc
doma: http://185.215.113.37
url_path: /e2b1563c6670f193.php
Targets
Target: 66c42102f52f5603a80f093bc8e328ba81aea31d2db414a80947736f68dd3d65.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger