General
-
Target
3eee56925a00f1e0162ec92e9e2cb827a2977a229aa8e6e303d24849ae6d6469.exe
-
Size
1.7MB
-
Sample
241121-e5q9hayndt
-
MD5
d1f75fb0b0afd1ea41c2dccd9c3d2427
-
SHA1
6fdb92b4b415d69584ea1844ec2eed9f068f9640
-
SHA256
3eee56925a00f1e0162ec92e9e2cb827a2977a229aa8e6e303d24849ae6d6469
-
SHA512
0cdac8c2b9508edc06b27065b692d2268fa62949cb7813ae36f168f1ac7bd88c6cae3e2e121e42aec064681ffe387ab9757285c45b0008f19f8c0b5d9047eea4
-
SSDEEP
49152:z5aFRvsfImgaY2RKIZE1dW5e00M8IfhF:z5aMfIm1+wE+52Mj
Static task
static1
Behavioral task
behavioral1
Sample
3eee56925a00f1e0162ec92e9e2cb827a2977a229aa8e6e303d24849ae6d6469.exe
Resource
win7-20241010-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
3eee56925a00f1e0162ec92e9e2cb827a2977a229aa8e6e303d24849ae6d6469.exe
-
Size
1.7MB
-
MD5
d1f75fb0b0afd1ea41c2dccd9c3d2427
-
SHA1
6fdb92b4b415d69584ea1844ec2eed9f068f9640
-
SHA256
3eee56925a00f1e0162ec92e9e2cb827a2977a229aa8e6e303d24849ae6d6469
-
SHA512
0cdac8c2b9508edc06b27065b692d2268fa62949cb7813ae36f168f1ac7bd88c6cae3e2e121e42aec064681ffe387ab9757285c45b0008f19f8c0b5d9047eea4
-
SSDEEP
49152:z5aFRvsfImgaY2RKIZE1dW5e00M8IfhF:z5aMfIm1+wE+52Mj
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-