General
-
Target
file.exe
-
Size
1.7MB
-
Sample
241120-xe665ssbjr
-
MD5
b47ca39f8e231d2868e251f775f1e466
-
SHA1
eddd4499ba642788bc77544b67226538da14d651
-
SHA256
d8906e0e0e173ede05401aaa09f2083b28260928b1278164d7008992e75cceae
-
SHA512
24099b5b0830cf2f50be554e29d92c09be205adf2d3bf8dac2ec609af1c5f7a51f657a10b55e5bd138ba6ab815539e74a4976ed23a2312b1624d2e901865b2a9
-
SSDEEP
49152:rrCrbqzOFonTOEZJM6cBs2esffk4Kt+z3hYdAnAurE:nSbqIE9as/snk4Kt+idCQ
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
file.exe
-
Size
1.7MB
-
MD5
b47ca39f8e231d2868e251f775f1e466
-
SHA1
eddd4499ba642788bc77544b67226538da14d651
-
SHA256
d8906e0e0e173ede05401aaa09f2083b28260928b1278164d7008992e75cceae
-
SHA512
24099b5b0830cf2f50be554e29d92c09be205adf2d3bf8dac2ec609af1c5f7a51f657a10b55e5bd138ba6ab815539e74a4976ed23a2312b1624d2e901865b2a9
-
SSDEEP
49152:rrCrbqzOFonTOEZJM6cBs2esffk4Kt+z3hYdAnAurE:nSbqIE9as/snk4Kt+idCQ
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-