General
-
Target
file.exe
-
Size
1.7MB
-
Sample
241121-pb7z9sskbt
-
MD5
f82d9cecd341af38b222a4306bc0588a
-
SHA1
3359c049fe7cdb1867c8e19fb9d4c8ad54432b6f
-
SHA256
f5622ec8edbadee157c022829ea267ee17ca517e9f306f0712c425024615f972
-
SHA512
153ffc9b6d8fccbd8fb5cbf493177ecc1e0af5488c09409574ad64b392e66d59fad6fa7c88087ca57f47007aa15db084c7bc8ced81f88391d069fac4fff7eae6
-
SSDEEP
49152:jFUgC1CbpZKv4iGSpXTDssKnhJ062HGFFhyeOJUIRFops32LF:prRbpDSpDQRhJ06yGF7yrV34
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
file.exe
-
Size
1.7MB
-
MD5
f82d9cecd341af38b222a4306bc0588a
-
SHA1
3359c049fe7cdb1867c8e19fb9d4c8ad54432b6f
-
SHA256
f5622ec8edbadee157c022829ea267ee17ca517e9f306f0712c425024615f972
-
SHA512
153ffc9b6d8fccbd8fb5cbf493177ecc1e0af5488c09409574ad64b392e66d59fad6fa7c88087ca57f47007aa15db084c7bc8ced81f88391d069fac4fff7eae6
-
SSDEEP
49152:jFUgC1CbpZKv4iGSpXTDssKnhJ062HGFFhyeOJUIRFops32LF:prRbpDSpDQRhJ06yGF7yrV34
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-