General
-
Target
25289cd2afe05685632e8eb6b6170ff9c876b726dd1bf67543121d44bc384387
-
Size
1.7MB
-
Sample
241122-zcbcssvjdr
-
MD5
c2cf363b2da0c5b29e372b342e0385c9
-
SHA1
b69d9a2af6b918129330c74ded7d18f49c3c14bf
-
SHA256
25289cd2afe05685632e8eb6b6170ff9c876b726dd1bf67543121d44bc384387
-
SHA512
ddb494900a8cfab33d15eaa633fd7892ac4cb19ccb377b891093cb4ce9991354770c69daab8eb3c68641ff6181eb4a11ada2cd50ef28c02fd8c70a9b6d0d78bd
-
SSDEEP
49152:Wais1gR7JFQlAMOODkpVzY2R5QvVv9oxkSSGkGV:Wk1E7qAMdDkpJGVT2V
Static task
static1
Behavioral task
behavioral1
Sample
25289cd2afe05685632e8eb6b6170ff9c876b726dd1bf67543121d44bc384387.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
25289cd2afe05685632e8eb6b6170ff9c876b726dd1bf67543121d44bc384387
-
Size
1.7MB
-
MD5
c2cf363b2da0c5b29e372b342e0385c9
-
SHA1
b69d9a2af6b918129330c74ded7d18f49c3c14bf
-
SHA256
25289cd2afe05685632e8eb6b6170ff9c876b726dd1bf67543121d44bc384387
-
SHA512
ddb494900a8cfab33d15eaa633fd7892ac4cb19ccb377b891093cb4ce9991354770c69daab8eb3c68641ff6181eb4a11ada2cd50ef28c02fd8c70a9b6d0d78bd
-
SSDEEP
49152:Wais1gR7JFQlAMOODkpVzY2R5QvVv9oxkSSGkGV:Wk1E7qAMdDkpJGVT2V
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-