General
-
Target
file.exe
-
Size
1.7MB
-
Sample
241120-zpvl7sterm
-
MD5
4b5b6c5e22eb5b54fe868146f3eb135a
-
SHA1
4befd8d3f3344123701518370be0b471cc9c359f
-
SHA256
aef9bf494cc14ae02f71a0d63807fa488f72cc91b9d8c28edcc28c13a43ae55b
-
SHA512
bd49c85cac7c34568fdb3fa4eb980c11170bbdbc274d04b695f3e88d37bea4058f1979bd5f3f2b594f3446e5a5a53ba3da97b83523b842fa6018bccca22aa1ca
-
SSDEEP
49152:nsDtZHIZZZZ1Jrv/7l1eOb1OCJW5TFrMgs2dpHJOH:nn37711rgt7wH
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
file.exe
-
Size
1.7MB
-
MD5
4b5b6c5e22eb5b54fe868146f3eb135a
-
SHA1
4befd8d3f3344123701518370be0b471cc9c359f
-
SHA256
aef9bf494cc14ae02f71a0d63807fa488f72cc91b9d8c28edcc28c13a43ae55b
-
SHA512
bd49c85cac7c34568fdb3fa4eb980c11170bbdbc274d04b695f3e88d37bea4058f1979bd5f3f2b594f3446e5a5a53ba3da97b83523b842fa6018bccca22aa1ca
-
SSDEEP
49152:nsDtZHIZZZZ1Jrv/7l1eOb1OCJW5TFrMgs2dpHJOH:nn37711rgt7wH
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-