Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    10-10-2024 07:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    1.7MB

  • MD5

    5cfbe0da0b40bbeb190147dfcc81172a

  • SHA1

    c3c14be27aee42fc6389ce2a4f2f2f89d7a05908

  • SHA256

    8c3c66bd7526e3d3ed957c00536ad3968ba6ac9aaa0a5d2c2016bd195b698be2

  • SHA512

    584a8ed79f73cb3bd0aa1a9243aab48358ce77ee35076ab0fbe0a292d1a3fafc53d39526c9734b2ede35afd1715fe7bf0e13f86ad124473aa52a3935b69cb08c

  • SSDEEP

    49152:2mc0E71r0ek93xEJYEb6jQ2I+j+RMhXCkOR0FVH9:2mcPdeDUY6du+RMhVlFVH9

Score
10/10
stealcdomacredential_accessdiscoveryevasionspywarestealer

Malware Config

Extracted

Family

stealc

Botnet

doma

C2

http://185.215.113.37

Attributes
  • url_path

    /e2b1563c6670f193.php

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:1448

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \ProgramData\mozglue.dll
    Filesize

    593KB

    MD5

    c8fd9be83bc728cc04beffafc2907fe9

    SHA1

    95ab9f701e0024cedfbd312bcfe4e726744c4f2e

    SHA256

    ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

    SHA512

    fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

    Download Submit

  • \ProgramData\nss3.dll
    Filesize

    2.0MB

    MD5

    1cc453cdf74f31e4d913ff9c10acdde2

    SHA1

    6e85eae544d6e965f15fa5c39700fa7202f3aafe

    SHA256

    ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

    SHA512

    dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

    Download Submit

  • memory/1448-0-0x0000000000130000-0x00000000007C6000-memory.dmp

    Filesize

    6.6MB

    Download

  • memory/1448-1-0x0000000077110000-0x0000000077112000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1448-2-0x0000000000131000-0x0000000000154000-memory.dmp

    Filesize

    140KB

    Download

  • memory/1448-3-0x0000000000130000-0x00000000007C6000-memory.dmp

    Filesize

    6.6MB

    Download

  • memory/1448-4-0x0000000061E00000-0x0000000061EF3000-memory.dmp

    Filesize

    972KB

    Download

  • memory/1448-59-0x0000000000130000-0x00000000007C6000-memory.dmp

    Filesize

    6.6MB

    Download

  • memory/1448-65-0x0000000000130000-0x00000000007C6000-memory.dmp

    Filesize

    6.6MB

    Download