General
-
Target
5b039e26817ac3dde3340af44180e943e7823936cb537342e8a818e5d8705908.exe
-
Size
1.7MB
-
Sample
241122-cy2esaylhr
-
MD5
81380b3f4700458353f68405ba69f471
-
SHA1
2c51c11246200de63ac0121df7fc94545f0aef38
-
SHA256
5b039e26817ac3dde3340af44180e943e7823936cb537342e8a818e5d8705908
-
SHA512
a59cd918a59a2aef818e2974579026a1ab344bfe658e23954550b6c2d44df2285d5365cd60d4086c60d4234ed8616546826d9ed66634150f0d4fde8702e0ff3f
-
SSDEEP
24576:8KiYYsFZEkLMfHBj9SckDSBaCJcHl7XSPCtLP13h65igzXV0v5qrUKzuThUaU3SR:8HYYVk8j9LkDfrnhy7Wv5GBzEhmiDd
Static task
static1
Behavioral task
behavioral1
Sample
5b039e26817ac3dde3340af44180e943e7823936cb537342e8a818e5d8705908.exe
Resource
win7-20241010-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
5b039e26817ac3dde3340af44180e943e7823936cb537342e8a818e5d8705908.exe
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-