General
-
Target
file.exe
-
Size
1.7MB
-
Sample
241120-wh1cbsvndm
-
MD5
0c50a08dffa73cfbb9ee5ba4382bdefc
-
SHA1
b21d45218d280416859c21b9c628315d6d71690f
-
SHA256
ea7617b4a5571a89a06ef9bb195dc92a178ea4e0a6a514030eb288f54d26f0a3
-
SHA512
529275d8e96270c711ecee981bb07a3e70eab1a01e3550898449cc9cf2da57b0e823d36fcbfca92f006ebd2b47dd1e9d7dbf2367baf14e010f179e521eeabeea
-
SSDEEP
49152:trCQTxztO4r76EMuOfB/vxbPGpz5aFot5wlN:zrO276+6B/ZbYaFo5wlN
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
file.exe
-
Size
1.7MB
-
MD5
0c50a08dffa73cfbb9ee5ba4382bdefc
-
SHA1
b21d45218d280416859c21b9c628315d6d71690f
-
SHA256
ea7617b4a5571a89a06ef9bb195dc92a178ea4e0a6a514030eb288f54d26f0a3
-
SHA512
529275d8e96270c711ecee981bb07a3e70eab1a01e3550898449cc9cf2da57b0e823d36fcbfca92f006ebd2b47dd1e9d7dbf2367baf14e010f179e521eeabeea
-
SSDEEP
49152:trCQTxztO4r76EMuOfB/vxbPGpz5aFot5wlN:zrO276+6B/ZbYaFo5wlN
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-