General
-
Target
1ecff112836437d181652efe29d69f6970b6bd8d9ec924f2fad5a03874d960ae.exe
-
Size
1.7MB
-
Sample
241122-cmg7rsskh1
-
MD5
d2156fe745a5dbf3303a799a82d736e0
-
SHA1
04530b3ff60a8d706ffcc2ec0d7df2ae0ea1377d
-
SHA256
1ecff112836437d181652efe29d69f6970b6bd8d9ec924f2fad5a03874d960ae
-
SHA512
4aca71a25c6599961f20a058c4106981cbc375aae567b0cc6e361391716a37dac7ac079baa40036406a0d6d9376d36a8cb73b7d275b5c5c17571e2650d044829
-
SSDEEP
24576:K5O4xwSRvGX7Oa2le2aX7vp79zM/o11AU/S0fg106etQmxzNwOP17m2wTpJn/EEQ:GRvAO+2wbpRM/AOySgG0Fjwu7mbl6T
Static task
static1
Behavioral task
behavioral1
Sample
1ecff112836437d181652efe29d69f6970b6bd8d9ec924f2fad5a03874d960ae.exe
Resource
win7-20240708-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
1ecff112836437d181652efe29d69f6970b6bd8d9ec924f2fad5a03874d960ae.exe
-
Size
1.7MB
-
MD5
d2156fe745a5dbf3303a799a82d736e0
-
SHA1
04530b3ff60a8d706ffcc2ec0d7df2ae0ea1377d
-
SHA256
1ecff112836437d181652efe29d69f6970b6bd8d9ec924f2fad5a03874d960ae
-
SHA512
4aca71a25c6599961f20a058c4106981cbc375aae567b0cc6e361391716a37dac7ac079baa40036406a0d6d9376d36a8cb73b7d275b5c5c17571e2650d044829
-
SSDEEP
24576:K5O4xwSRvGX7Oa2le2aX7vp79zM/o11AU/S0fg106etQmxzNwOP17m2wTpJn/EEQ:GRvAO+2wbpRM/AOySgG0Fjwu7mbl6T
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-