General
-
Target
eed87df7761669eb1015a6d99bb0e86d35e8cf444f29500b53ad6065447592ac.exe
-
Size
1.7MB
-
Sample
241122-dsr5lazjhj
-
MD5
921cd66c5b93e2013c2d5ec492a80735
-
SHA1
db34a37647896dea25f0c5cbb5662a59d897c240
-
SHA256
eed87df7761669eb1015a6d99bb0e86d35e8cf444f29500b53ad6065447592ac
-
SHA512
c620b39038328b60089c6e86d52b0103f778c304d27bc81d4061da2d3976e45e7cb5ed302285480a69bdb704083a21d65a23a1bb40170badd40c64e5b0ec6cb5
-
SSDEEP
49152:qhSzn8vkCLP6lEBgFDpCQ/pJVxfEQovN9Mv:qhSzn88CLPoO0UQ/pb9Ec
Static task
static1
Behavioral task
behavioral1
Sample
eed87df7761669eb1015a6d99bb0e86d35e8cf444f29500b53ad6065447592ac.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
eed87df7761669eb1015a6d99bb0e86d35e8cf444f29500b53ad6065447592ac.exe
-
Size
1.7MB
-
MD5
921cd66c5b93e2013c2d5ec492a80735
-
SHA1
db34a37647896dea25f0c5cbb5662a59d897c240
-
SHA256
eed87df7761669eb1015a6d99bb0e86d35e8cf444f29500b53ad6065447592ac
-
SHA512
c620b39038328b60089c6e86d52b0103f778c304d27bc81d4061da2d3976e45e7cb5ed302285480a69bdb704083a21d65a23a1bb40170badd40c64e5b0ec6cb5
-
SSDEEP
49152:qhSzn8vkCLP6lEBgFDpCQ/pJVxfEQovN9Mv:qhSzn88CLPoO0UQ/pb9Ec
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-