General
- Target: file.exe
- Size: 2.1MB
- Sample: 241027-14gvbstepb
- MD5: 11d371b34a65885463238812667dd2cf
- SHA1: 05be5ecd6e21c0bc458e98efb3af82fd75e7d5cd
- SHA256: 6c7cf18565dfa14e6acd5449bf2fd7c48b288a7aa01e4f5b537d04c46b7ee3a5
- SHA512: bb2eb8cc936852f30d45c52a0ee70a46fcc93834261e97460e38b8bfacf0fa6c149481b6e8098d1e0b6838a1e59460c4a38b8f03c44088cb358dc8da5cdeccb2
- SSDEEP: 49152:0x0yB9yFKdeDS3df0iEAk4blyeiafI6MbbAEa:0x0wyB+3dfxEAxbfI6MbbA
- Static task: static1
- Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20240708-en
Malware Config
Extracted
- stealc
- tale: http://185.215.113.206
- url_path: /6c4adf523b719729.php
Targets
- Target: file.exe
- Size: 2.1MB
- Stealc family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger