General
-
Target
file.exe
-
Size
1.7MB
-
Sample
241023-vch1esseqk
-
MD5
172bf58ab4bb9a4e3d1b20f03b30c315
-
SHA1
16dc5beef32c7e3272e6d3b6980a3e385dcd69c7
-
SHA256
a43537b7a34c2d47c025269ced5448098850275b95007519b2eab213e9f214fe
-
SHA512
00516c49b2cb12bd07da53028af6e8508e6240b88eb4a7e78c9f8f4cccc1e42683c4482ca09615de3fabf29198a928779c1e03b9b083a42f9194097eb1c2c06a
-
SSDEEP
49152:mBuUicUQZdLHiiB4yRX8GNsFTL2aKPuQ1RJ2gub5dKv1g7bqjC:1U7/dLWMXpETlQ1r2gZ
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
doma
http://185.215.113.37
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
file.exe
-
Size
1.7MB
-
MD5
172bf58ab4bb9a4e3d1b20f03b30c315
-
SHA1
16dc5beef32c7e3272e6d3b6980a3e385dcd69c7
-
SHA256
a43537b7a34c2d47c025269ced5448098850275b95007519b2eab213e9f214fe
-
SHA512
00516c49b2cb12bd07da53028af6e8508e6240b88eb4a7e78c9f8f4cccc1e42683c4482ca09615de3fabf29198a928779c1e03b9b083a42f9194097eb1c2c06a
-
SSDEEP
49152:mBuUicUQZdLHiiB4yRX8GNsFTL2aKPuQ1RJ2gub5dKv1g7bqjC:1U7/dLWMXpETlQ1r2gZ
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-