General
-
Target
7eafd68e2bbc31f1594debcbbbaa7d782436befb508e7672e70dadc075a17f20.exe
-
Size
1.8MB
-
Sample
241122-c552jsynej
-
MD5
5d5b34c976fa92c5652722de16d2e98b
-
SHA1
dc9e11721bb7920305e240ba778b8b0d903f3a3a
-
SHA256
7eafd68e2bbc31f1594debcbbbaa7d782436befb508e7672e70dadc075a17f20
-
SHA512
514757c5dd3974fdbc7cdc11aae9783efea0630faeefa9a8a7041752ffd8893e3499b691f285164fc8ed90cc49d97e3a6d9d6678145b75967abd62b4f61d2291
-
SSDEEP
49152:J6cMo8LwRCUnx8quXy42AKEPRDrRZmUWC6v:QcZkJUn0XyxAKy/mp
Static task
static1
Behavioral task
behavioral1
Sample
7eafd68e2bbc31f1594debcbbbaa7d782436befb508e7672e70dadc075a17f20.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
7eafd68e2bbc31f1594debcbbbaa7d782436befb508e7672e70dadc075a17f20.exe
-
Size
1.8MB
-
MD5
5d5b34c976fa92c5652722de16d2e98b
-
SHA1
dc9e11721bb7920305e240ba778b8b0d903f3a3a
-
SHA256
7eafd68e2bbc31f1594debcbbbaa7d782436befb508e7672e70dadc075a17f20
-
SHA512
514757c5dd3974fdbc7cdc11aae9783efea0630faeefa9a8a7041752ffd8893e3499b691f285164fc8ed90cc49d97e3a6d9d6678145b75967abd62b4f61d2291
-
SSDEEP
49152:J6cMo8LwRCUnx8quXy42AKEPRDrRZmUWC6v:QcZkJUn0XyxAKy/mp
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-