General
-
Target
ce2d291542364be8bec1008295893ba24b3da288898923a4f11bb144bd664e6f.exe
-
Size
2.1MB
-
Sample
241102-kcac6szjct
-
MD5
806fda7172e2faf55675dd6f5dd76bb5
-
SHA1
a0b78d8e750cf05d84f7590295f8c089a0efb130
-
SHA256
ce2d291542364be8bec1008295893ba24b3da288898923a4f11bb144bd664e6f
-
SHA512
a8c767c42f3988e38d7f400034d846eb68e5a9a0b83e8defccbb068db9761c26637c1e58015361be255dd2d5fe81efc3cdf62b44dcb8279d1ddb49c37bed3e7e
-
SSDEEP
24576:0iIeK4bymvElk13GPcWRyRrgrURC2qk32BQUCtuYqlDMEIVREqAzFbrffp4v5ora:ueKwv8aAURGHBQUsuVNIYhzFffh0oM
Static task
static1
Behavioral task
behavioral1
Sample
ce2d291542364be8bec1008295893ba24b3da288898923a4f11bb144bd664e6f.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
tale
http://185.215.113.206
-
url_path
/6c4adf523b719729.php
Targets
-
-
Target
ce2d291542364be8bec1008295893ba24b3da288898923a4f11bb144bd664e6f.exe
-
Size
2.1MB
-
MD5
806fda7172e2faf55675dd6f5dd76bb5
-
SHA1
a0b78d8e750cf05d84f7590295f8c089a0efb130
-
SHA256
ce2d291542364be8bec1008295893ba24b3da288898923a4f11bb144bd664e6f
-
SHA512
a8c767c42f3988e38d7f400034d846eb68e5a9a0b83e8defccbb068db9761c26637c1e58015361be255dd2d5fe81efc3cdf62b44dcb8279d1ddb49c37bed3e7e
-
SSDEEP
24576:0iIeK4bymvElk13GPcWRyRrgrURC2qk32BQUCtuYqlDMEIVREqAzFbrffp4v5ora:ueKwv8aAURGHBQUsuVNIYhzFffh0oM
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-