General
-
Target
file.exe
-
Size
1.7MB
-
Sample
241122-v6r57a1jgj
-
MD5
c80d723528ed0121eef557cc31bd4c87
-
SHA1
150ec423edbfb73989a525fc3b553d06f411ece7
-
SHA256
fa8380534c7876773e1315360225f92d30fc4ff6c4cdf70bebaf16e5f450d6f5
-
SHA512
3ae11b656d242e891881b5833781a1431d0dde16de66a21b775613a7d02e098a68ad41301fa85f5cf3bd0bb7561c1ab784fd0d3c4940a45d66aa67f10b475da8
-
SSDEEP
49152:FeFnYVk0QSUFysYk0uyMIDv9fPFNC0c2c316Ph3qR:FAYVk0QSUFysb2MIRC0dh3qR
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20241010-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
file.exe
-
Size
1.7MB
-
MD5
c80d723528ed0121eef557cc31bd4c87
-
SHA1
150ec423edbfb73989a525fc3b553d06f411ece7
-
SHA256
fa8380534c7876773e1315360225f92d30fc4ff6c4cdf70bebaf16e5f450d6f5
-
SHA512
3ae11b656d242e891881b5833781a1431d0dde16de66a21b775613a7d02e098a68ad41301fa85f5cf3bd0bb7561c1ab784fd0d3c4940a45d66aa67f10b475da8
-
SSDEEP
49152:FeFnYVk0QSUFysYk0uyMIDv9fPFNC0c2c316Ph3qR:FAYVk0QSUFysb2MIRC0dh3qR
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-