General
-
Target
file.exe
-
Size
1.7MB
-
Sample
241117-rey8ms1kbs
-
MD5
0255e4488ab4cbe25f1a9a43d47d251b
-
SHA1
52246c3188a362fd122b9ff32594400a547f20bd
-
SHA256
bdfad8af9f3ac8abac993303d124a93f823a10d4e3444be73230b691251d6e58
-
SHA512
b5e447122126197d1e5cd6ace5fd9d95739df5805b452a58a8cacedf7ac73ac10abec01cc9c3e9fc43cbf8b5c3e3f11cc5dc8abc70ba90195594226de7617862
-
SSDEEP
24576:YV1g328isJARDjjEw0LipQO6P3ODTTb01XZ/CJ3W4sbQ+xl0tz0EFb4:YV1GosgE0V6WDj0vCJGnQil0Z0q
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
file.exe
-
Size
1.7MB
-
MD5
0255e4488ab4cbe25f1a9a43d47d251b
-
SHA1
52246c3188a362fd122b9ff32594400a547f20bd
-
SHA256
bdfad8af9f3ac8abac993303d124a93f823a10d4e3444be73230b691251d6e58
-
SHA512
b5e447122126197d1e5cd6ace5fd9d95739df5805b452a58a8cacedf7ac73ac10abec01cc9c3e9fc43cbf8b5c3e3f11cc5dc8abc70ba90195594226de7617862
-
SSDEEP
24576:YV1g328isJARDjjEw0LipQO6P3ODTTb01XZ/CJ3W4sbQ+xl0tz0EFb4:YV1GosgE0V6WDj0vCJGnQil0Z0q
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-