General
-
Target
82672b451fdaee65c1fbcac9db7d969bb928f566f6d8ae55bd4c02a34236ddcd.exe
-
Size
1.7MB
-
Sample
241122-c6vxzaynfn
-
MD5
839a665835f7c3206f7dcfc30378eb90
-
SHA1
1facfc21eed29ae31ea6781482da70e87a8f89ff
-
SHA256
82672b451fdaee65c1fbcac9db7d969bb928f566f6d8ae55bd4c02a34236ddcd
-
SHA512
f3543bad711c788329c6be8f8a7cfa06b9203cb1a73f9f617f05c4cc6f8557b3d0b81d8a500e1202d4b92ead0440d4b70ccd119896e51be531ededbee88b48f9
-
SSDEEP
24576:bVpf7Ep73Z0fa6l5kAmrUU7efuNwYA5mWnFPb/fK5AMEpoxxPhblwRpbvpkvz4IP:JpM107l5kAc1eNEUaAMrxP5lJKPc6b
Static task
static1
Behavioral task
behavioral1
Sample
82672b451fdaee65c1fbcac9db7d969bb928f566f6d8ae55bd4c02a34236ddcd.exe
Resource
win7-20241023-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
82672b451fdaee65c1fbcac9db7d969bb928f566f6d8ae55bd4c02a34236ddcd.exe
-
Size
1.7MB
-
MD5
839a665835f7c3206f7dcfc30378eb90
-
SHA1
1facfc21eed29ae31ea6781482da70e87a8f89ff
-
SHA256
82672b451fdaee65c1fbcac9db7d969bb928f566f6d8ae55bd4c02a34236ddcd
-
SHA512
f3543bad711c788329c6be8f8a7cfa06b9203cb1a73f9f617f05c4cc6f8557b3d0b81d8a500e1202d4b92ead0440d4b70ccd119896e51be531ededbee88b48f9
-
SSDEEP
24576:bVpf7Ep73Z0fa6l5kAmrUU7efuNwYA5mWnFPb/fK5AMEpoxxPhblwRpbvpkvz4IP:JpM107l5kAc1eNEUaAMrxP5lJKPc6b
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-