General
-
Target
file.exe
-
Size
1.8MB
-
Sample
241121-vr5gzaykdr
-
MD5
2f54862033f0c859845e063b0de4086b
-
SHA1
448d12afa10f15b4ca1eaf57c8f88b30ae70608e
-
SHA256
f5947732c4e7fa325ba0f68f616411a07a3f7a6f758ecf59eacda86398b7be20
-
SHA512
09b7809d7bbfb501dee9dffd40aec7b7ecbc0dfb3386f19c9b50841a13a28aeeb85bea9e9a901ad8c8897acbb8434fdcfb65f1138609c281519eabe147d9c9df
-
SSDEEP
49152:IKLsUCXqRyjOgzcODpw4erSJNIMg8xd0Cl8:I+s2yig1pwZCIMpD/l
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20241010-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
file.exe
-
Size
1.8MB
-
MD5
2f54862033f0c859845e063b0de4086b
-
SHA1
448d12afa10f15b4ca1eaf57c8f88b30ae70608e
-
SHA256
f5947732c4e7fa325ba0f68f616411a07a3f7a6f758ecf59eacda86398b7be20
-
SHA512
09b7809d7bbfb501dee9dffd40aec7b7ecbc0dfb3386f19c9b50841a13a28aeeb85bea9e9a901ad8c8897acbb8434fdcfb65f1138609c281519eabe147d9c9df
-
SSDEEP
49152:IKLsUCXqRyjOgzcODpw4erSJNIMg8xd0Cl8:I+s2yig1pwZCIMpD/l
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-