General
Target: a430b651d8d5e7f7a801122ee5c8608a8b766cf87447119f153a8a44940529bfN
Size: 1.8MB
Sample: 241023-n34w9aydna
MD5: 824e74d3254bfc86e5966ec9873545e0
SHA1: d52da69c39ca667e239a93a3be19d66eec00a1b4
SHA256: a430b651d8d5e7f7a801122ee5c8608a8b766cf87447119f153a8a44940529bf
SHA512: 8fa265e4c7bfc6bbf4d23d9c73e99470034bc801283e3f2829e4c31bdaa1e32d0e25467d1062c8f32e34a2c1595ec901aa0345ef4c1728c1ea5112c5a2903241
SSDEEP: 49152:WIcARcbxqWuMZfnnydkNJTjMIQ+yxoZFXs7b5o8OD:WEWnuYp5MVNb5o
Static task: static1
Behavioral task: behavioral1
Sample: a430b651d8d5e7f7a801122ee5c8608a8b766cf87447119f153a8a44940529bfN.exe
Resource: win7-20240903-en
The behavioral run took place on a Windows 7 image, so the signatures below reflect what the sample did there; behaviour on newer Windows builds is not covered by this report.
Malware Config
Extracted
Family: stealc
Botnet: doma
C2: http://185.215.113.37
url_path: /e2b1563c6670f193.php
The stealc gate is the C2 host joined with url_path, i.e. http://185.215.113.37/e2b1563c6670f193.php. Both the IP and the .php path are the network indicators to block and hunt for in proxy and DNS logs.
Targets
Target: a430b651d8d5e7f7a801122ee5c8608a8b766cf87447119f153a8a44940529bfN
Signatures
Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox exposes ACPI tables with the OEM ID VBOX__, which the guest mirrors under HKLM\HARDWARE\ACPI, so reading those keys is a cheap hypervisor check.
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger
NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from delivering debug events, so an attached debugger no longer sees it; this is a common anti-debugging call.
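The four signatures above describe a VirtualBox ACPI probe, a BIOS string read, a Wine key check and a ThreadHideFromDebugger call. The Python below is an added example, not part of the sandbox report or of the stealc sample, that maps those signatures onto sandbox API-log lines and reassembles the stealc gate URL from the extracted config. Assumptions: the registry locations in ANTI_ANALYSIS_RULES are the usual keys these signatures fire on, not keys quoted by the report; the log format, the process ID and the SAMPLE_LOG lines are constructed for the example; the hashes and C2 values are copied from the page.

```python
import hashlib
import re

# Hashes as listed in the report for the sample a430b651...N.
REPORT_HASHES = {
    "md5": "824e74d3254bfc86e5966ec9873545e0",
    "sha1": "d52da69c39ca667e239a93a3be19d66eec00a1b4",
    "sha256": "a430b651d8d5e7f7a801122ee5c8608a8b766cf87447119f153a8a44940529bf",
    "sha512": "8fa265e4c7bfc6bbf4d23d9c73e99470034bc801283e3f2829e4c31bdaa1e32d"
              "0e25467d1062c8f32e34a2c1595ec901aa0345ef4c1728c1ea5112c5a2903241",
}

# Extracted stealc config from the report.
STEALC_C2_HOST = "http://185.215.113.37"
STEALC_URL_PATH = "/e2b1563c6670f193.php"

# Registry locations each signature is usually raised on. Assumption: the
# report names the signature only, not the exact key the sample opened.
ANTI_ANALYSIS_RULES = {
    "Identifies VirtualBox via ACPI registry values": re.compile(
        r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    "Checks BIOS information in registry": re.compile(
        r"\\HARDWARE\\DESCRIPTION\\System\b.*"
        r"\b(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)\b", re.I),
    "Identifies Wine through registry keys": re.compile(
        r"\\Software\\Wine\b", re.I),
}
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger

# Constructed API-log lines in the form "<pid> <api> <key=value ...>".
# These are made up for the example, not taken from the report.
SAMPLE_LOG = r"""
1234 RegOpenKeyExW key=HKLM\HARDWARE\ACPI\DSDT\VBOX__
1234 RegQueryValueExW key=HKLM\HARDWARE\DESCRIPTION\System value=SystemBiosVersion
1234 RegOpenKeyExW key=HKCU\Software\Wine
1234 RegOpenKeyExW key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run
1234 NtSetInformationThread handle=0xfc class=0x11 buffer=0 length=0
1234 NtSetInformationThread handle=0xfc class=0x5 buffer=0 length=4
""".strip().splitlines()

EVENT_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s+(?P<args>.*)$")


def hashes_of(data: bytes) -> dict:
    """Digest a file's bytes with the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Per-algorithm check that local bytes reproduce the report's hashes."""
    computed = hashes_of(data)
    return {name: computed[name] == value for name, value in REPORT_HASHES.items()}


def c2_gate_url(host: str = STEALC_C2_HOST, url_path: str = STEALC_URL_PATH) -> str:
    """Join the extracted host and url_path into the full stealc gate URL."""
    return host.rstrip("/") + "/" + url_path.lstrip("/")


def classify_event(line: str):
    """Return the report signature a single log line corresponds to, or None."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    api, args = m.group("api"), m.group("args")
    if api == "NtSetInformationThread":
        # Only the ThreadHideFromDebugger class (0x11) is the anti-debug call.
        cls = re.search(r"\bclass=(0x[0-9a-f]+|\d+)", args, re.I)
        if cls and int(cls.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
            return "Suspicious use of NtSetInformationThreadHideFromDebugger"
        return None
    if api.startswith("Reg"):
        for name, pattern in ANTI_ANALYSIS_RULES.items():
            if pattern.search(args):
                return name
    return None


def summarize(lines) -> dict:
    """Group matching log lines under the signature they trigger."""
    hits = {}
    for line in lines:
        sig = classify_event(line)
        if sig is not None:
            hits.setdefault(sig, []).append(line.strip())
    return hits


if __name__ == "__main__":
    print("C2 gate:", c2_gate_url())
    for sig, entries in summarize(SAMPLE_LOG).items():
        print(sig)
        for entry in entries:
            print("   ", entry)
```

Before relying on the report, feed the bytes of the file you actually hold to matches_report(); all four entries must be True, otherwise you are looking at a different build than the one these signatures and this C2 belong to. The Run key line in SAMPLE_LOG is there to show that ordinary registry access is not flagged.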