General
-
Target
file.exe
-
Size
1.7MB
-
Sample
241122-yh9xwatken
-
MD5
c524f231dbe4c55a328876f06e2a82d1
-
SHA1
8d4c24359d577fcbc818158fc79554169690273b
-
SHA256
9561f2e19612f381dfbe538ba59f4f6f4cefe5d0d0f26f0b7fa1fcd095b9f708
-
SHA512
1020928371c8423fa4724a3d603d7b2823f97eae93190cc1337d95993acab9507bb3f361026d1757acb64c26e553ba17e6cb91020e0a525acf2b24aa167328a3
-
SSDEEP
49152:EWDzR3kVKyvwxbdJ60Lsv33hf+EsV7i7EO7Hf:EA+rkhJ60YJcV69b
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
file.exe
-
Size
1.7MB
-
MD5
c524f231dbe4c55a328876f06e2a82d1
-
SHA1
8d4c24359d577fcbc818158fc79554169690273b
-
SHA256
9561f2e19612f381dfbe538ba59f4f6f4cefe5d0d0f26f0b7fa1fcd095b9f708
-
SHA512
1020928371c8423fa4724a3d603d7b2823f97eae93190cc1337d95993acab9507bb3f361026d1757acb64c26e553ba17e6cb91020e0a525acf2b24aa167328a3
-
SSDEEP
49152:EWDzR3kVKyvwxbdJ60Lsv33hf+EsV7i7EO7Hf:EA+rkhJ60YJcV69b
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-