General
-
Target
file.exe
-
Size
1.8MB
-
Sample
241120-2zhrhavqaw
-
MD5
4aa6455467f057d4ecc679594c842f1f
-
SHA1
77fc6e6b77596088193d357ab7be0a2412920169
-
SHA256
3252882deddce18bdd91379c9e9481ca36c045a5550e12465893a617022e62f1
-
SHA512
f9a555449e8b50e13a5c574b9f764d4ed52deb0a6e0f76eff5a9af42a90aaea1c729e4b753d09f0b53099091222203dc74ee2ed0c4f4fe92b23409bfba3f6ad7
-
SSDEEP
49152:F44DpqrtczV4MzyNqeTV8wu0DVgJrf/T34ohS:64DYr+RnzSmBYAXT34oh
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20241010-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
file.exe
-
Size
1.8MB
-
MD5
4aa6455467f057d4ecc679594c842f1f
-
SHA1
77fc6e6b77596088193d357ab7be0a2412920169
-
SHA256
3252882deddce18bdd91379c9e9481ca36c045a5550e12465893a617022e62f1
-
SHA512
f9a555449e8b50e13a5c574b9f764d4ed52deb0a6e0f76eff5a9af42a90aaea1c729e4b753d09f0b53099091222203dc74ee2ed0c4f4fe92b23409bfba3f6ad7
-
SSDEEP
49152:F44DpqrtczV4MzyNqeTV8wu0DVgJrf/T34ohS:64DYr+RnzSmBYAXT34oh
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-