General
-
Target
462b590df7f786de4cb422be74146d935f45d47008a25fe26979f3737f3dd972.exe
-
Size
1.7MB
-
Sample
241121-fbnryszbrl
-
MD5
4b517665a74a84df87d5360aa6560efb
-
SHA1
8e2981eaf255f7e1cc90da8b494148281769bcb4
-
SHA256
462b590df7f786de4cb422be74146d935f45d47008a25fe26979f3737f3dd972
-
SHA512
98bd7c367a1c98eb8bacc975f5cd1a9302d68f6661af529f173fa9f2433ab773aed7c9a6fc8b41b654fffd3514443ec1804b86b747baf9b0d9381ce7d6b388ee
-
SSDEEP
49152:LKaFTLAwjiRsaAe9BOKRdqo0GQtTyWHIQ:2onjiyaAeOKRdEGETy
Static task
static1
Behavioral task
behavioral1
Sample
462b590df7f786de4cb422be74146d935f45d47008a25fe26979f3737f3dd972.exe
Resource
win7-20241010-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
462b590df7f786de4cb422be74146d935f45d47008a25fe26979f3737f3dd972.exe
-
Size
1.7MB
-
MD5
4b517665a74a84df87d5360aa6560efb
-
SHA1
8e2981eaf255f7e1cc90da8b494148281769bcb4
-
SHA256
462b590df7f786de4cb422be74146d935f45d47008a25fe26979f3737f3dd972
-
SHA512
98bd7c367a1c98eb8bacc975f5cd1a9302d68f6661af529f173fa9f2433ab773aed7c9a6fc8b41b654fffd3514443ec1804b86b747baf9b0d9381ce7d6b388ee
-
SSDEEP
49152:LKaFTLAwjiRsaAe9BOKRdqo0GQtTyWHIQ:2onjiyaAeOKRdEGETy
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-