General
Target: file.exe
Size: 1.7MB
Sample: 241023-pyfvassejk
MD5: bc44a9ad64b1ab4bb57897cb26ad7003
SHA1: 39de0615a7ee36c80355fe66fdb16d0b7d5fa168
SHA256: 6ff34c76f942f695391be5c6c560caeadc070d2856642f91aeeaa96aa724b6d2
SHA512: bef7822e1af65b69c029daf5ea408766d4fdef3ada96a045ff803e7297e7266bdf3dc7f669f2a1dc82957a9b17818509e9bed1d6d6c7e599249acb7029a4c547
SSDEEP: 24576:RZC++3sv6RjDMDKpRojHtg+Gr1fwDLAonv1I/WzLI5Z3dL+aSZsoH2e3+iCeONGx:N+hRO3G5WZ8Z89TWjFeO9
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20241010-en
Malware Config
Extracted: stealc
doma: http://185.215.113.37
url_path: /e2b1563c6670f193.php
Targets
Target: file.exe (1.7MB; hashes as listed under General)
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger