General
-
Target
8e5a7beeec8489d20ca75c332acf7eb1460dca63256842479c3d5b1ca3f48d53.exe
-
Size
1.8MB
-
Sample
241122-c9wzfaypbm
-
MD5
33ce040234457605280e28c3bda4ae36
-
SHA1
5f3a7512ea1a032aabd60a2fd364d073ee2fc8f9
-
SHA256
8e5a7beeec8489d20ca75c332acf7eb1460dca63256842479c3d5b1ca3f48d53
-
SHA512
997e26d1137bc0e6594ce3d3bdc33013e3c684cd244294bb3c6da0c81696da55a6865830092193c8e233990712bde31e7ea3b198f94f0e55d7008aea10016e16
-
SSDEEP
49152:Y1y20JZiLlkEkOXHKWI+w8EO/mdobM/JImNaWO/3vul8j:cy3/Clk8HKWIj8EmlCIWS3i
Static task
static1
Behavioral task
behavioral1
Sample
8e5a7beeec8489d20ca75c332acf7eb1460dca63256842479c3d5b1ca3f48d53.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
8e5a7beeec8489d20ca75c332acf7eb1460dca63256842479c3d5b1ca3f48d53.exe
-
Size
1.8MB
-
MD5
33ce040234457605280e28c3bda4ae36
-
SHA1
5f3a7512ea1a032aabd60a2fd364d073ee2fc8f9
-
SHA256
8e5a7beeec8489d20ca75c332acf7eb1460dca63256842479c3d5b1ca3f48d53
-
SHA512
997e26d1137bc0e6594ce3d3bdc33013e3c684cd244294bb3c6da0c81696da55a6865830092193c8e233990712bde31e7ea3b198f94f0e55d7008aea10016e16
-
SSDEEP
49152:Y1y20JZiLlkEkOXHKWI+w8EO/mdobM/JImNaWO/3vul8j:cy3/Clk8HKWIj8EmlCIWS3i
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-