General
Target: file.exe
Size: 2.1MB
Sample: 241027-zydp2ssdrg
MD5: 89fe288ad46d83c88f21e53434582e9d
SHA1: 3c40087afe459adc189df369b41f9f4ce68b4317
SHA256: 2b5485e8c671f5ef74c711f373d62ecd309311bccba6354919dcd1b28fb2e2ec
SHA512: 2950eca6dfcf03751fc77fafc036c0b2b9e8fc55d40eff5a150722dd8cec5e80d6dd15a37042bd38a79d55eb92b9f8e472761671b75dcd58ed4d2ee6740ef533
SSDEEP: 49152:puBHM3mSI84QA66kNvKnoyW6RdSwkHKL1wt/b36FrbecG/s4ldf5:cBM3ml/566g3owLg16Yrbvg3x
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240903-en
Malware Config
Extracted family: stealc
tale: http://185.215.113.206
url_path: /6c4adf523b719729.php
Targets
Target: file.exe (2.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP hashes identical to those listed under General)
Signatures
- Stealc family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger