General
-
Target
a219181616f63c8b8754c20c54b64d31f2d0f87f47d763a783ebe8b6b00bcd12
-
Size
1.7MB
-
Sample
241120-m4ccyswkay
-
MD5
ded5d8a114b9d590deb2160ebeaf53f5
-
SHA1
bdd295a3fd9fbe59c07a5225d0abeb1016e55187
-
SHA256
a219181616f63c8b8754c20c54b64d31f2d0f87f47d763a783ebe8b6b00bcd12
-
SHA512
9051229e9217c3142717b538eb14fdebf3d0d8c0a03b2fa5b1309c2ef391a11ed65e122c10c7efcf51568d87bd5942d8a3a6da3dba3f86a703785e525dcb1ddc
-
SSDEEP
24576:Mu0VRDVFXFHaQXmpppruvy6LOVSerZ8je+l8KRK863GEtv9cgFwUwzl3kId:MuSRh9BaQXGruaA8Seai+ltaGebwZ3
Static task
static1
Behavioral task
behavioral1
Sample
a219181616f63c8b8754c20c54b64d31f2d0f87f47d763a783ebe8b6b00bcd12.exe
Resource
win7-20240708-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
a219181616f63c8b8754c20c54b64d31f2d0f87f47d763a783ebe8b6b00bcd12
-
Size
1.7MB
-
MD5
ded5d8a114b9d590deb2160ebeaf53f5
-
SHA1
bdd295a3fd9fbe59c07a5225d0abeb1016e55187
-
SHA256
a219181616f63c8b8754c20c54b64d31f2d0f87f47d763a783ebe8b6b00bcd12
-
SHA512
9051229e9217c3142717b538eb14fdebf3d0d8c0a03b2fa5b1309c2ef391a11ed65e122c10c7efcf51568d87bd5942d8a3a6da3dba3f86a703785e525dcb1ddc
-
SSDEEP
24576:Mu0VRDVFXFHaQXmpppruvy6LOVSerZ8je+l8KRK863GEtv9cgFwUwzl3kId:MuSRh9BaQXGruaA8Seai+ltaGebwZ3
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-