General
Target: 7f9f6c1ccb628c0022abd2fe74b54afcb31df6a42b4a6c5257ef0524a495d9cb.exe
Size: 1.7MB
Sample: 241123-c3a4dsskhk
MD5: cbca0ed5dafeb31daabe0a2f092d50d1
SHA1: cab57f59cff06d3f6fd8bcc0fb7d8c950d365fdf
SHA256: 7f9f6c1ccb628c0022abd2fe74b54afcb31df6a42b4a6c5257ef0524a495d9cb
SHA512: c17f507d62c4ed4ca2641b2e0f5e52c55f2f32e046a4f53fa358335158e7bfadc0d5639523f1e3d3cbba1fc0d0e6160b3c0d97801f2e871f5c4d230e7ef35c95
SSDEEP: 49152:Hny/mLhM70gIsZeZnb4EsBtXaW7CQ/dxY:HnWmLhM7JIsZeN4E+kUxY
Static task: static1
Behavioral task: behavioral1
Sample: 7f9f6c1ccb628c0022abd2fe74b54afcb31df6a42b4a6c5257ef0524a495d9cb.exe
Resource: win7-20240903-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
url_path: /c4becf79229cb002.php
Targets
- Stealc family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger