General
-
Target
file.exe
-
Size
1.7MB
-
Sample
241122-2wnhksxmgn
-
MD5
46357450c18691d06fb6fb48b1551b35
-
SHA1
da76c0bf347ef897c08632f7fcf070568163582a
-
SHA256
9d3adf953199b7602139a93915d8398bba7626548c5e34b0631e88b01fcf4433
-
SHA512
2d58a31991c8c9e53dcf25e6b49a0d3c0b969c0addd1848c04dd4b905ebdb85b057ae4b3b2bfea5fc605cf41a9697129e88b74d52b7f8d1eb71300ac447306a6
-
SSDEEP
49152:eoxNmI1jk3743Ti8Q8D/neKf6wv9x5uecVb6FXgvmZ:ehr4jif8DPRyheK0
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240729-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
file.exe
-
Size
1.7MB
-
MD5
46357450c18691d06fb6fb48b1551b35
-
SHA1
da76c0bf347ef897c08632f7fcf070568163582a
-
SHA256
9d3adf953199b7602139a93915d8398bba7626548c5e34b0631e88b01fcf4433
-
SHA512
2d58a31991c8c9e53dcf25e6b49a0d3c0b969c0addd1848c04dd4b905ebdb85b057ae4b3b2bfea5fc605cf41a9697129e88b74d52b7f8d1eb71300ac447306a6
-
SSDEEP
49152:eoxNmI1jk3743Ti8Q8D/neKf6wv9x5uecVb6FXgvmZ:ehr4jif8DPRyheK0
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-