General
-
Target
80eec7bf8719c819d91894cffb672844f8169b0725b02b60298d1f9de6831397.exe
-
Size
1.7MB
-
Sample
241123-c3d52swmbv
-
MD5
a437168be1387bd482c93fdd3e4c17c3
-
SHA1
35e08424681845202ada3ba4f381ab08425994bc
-
SHA256
80eec7bf8719c819d91894cffb672844f8169b0725b02b60298d1f9de6831397
-
SHA512
207732e77cf187f76b9379a41ff113d7ac0b1e425c62f66018792261018c1073d8740b7379c3c7d9840992d468f6b1ede0c0e960aa4ad64ad304ab3fcc705b9d
-
SSDEEP
49152:Uqhjxt9gIWaAR+g87+XnVasX6bDoYwGj:UGt9/AZ87+F7X648
Static task
static1
Behavioral task
behavioral1
Sample
80eec7bf8719c819d91894cffb672844f8169b0725b02b60298d1f9de6831397.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
80eec7bf8719c819d91894cffb672844f8169b0725b02b60298d1f9de6831397.exe
-
Size
1.7MB
-
MD5
a437168be1387bd482c93fdd3e4c17c3
-
SHA1
35e08424681845202ada3ba4f381ab08425994bc
-
SHA256
80eec7bf8719c819d91894cffb672844f8169b0725b02b60298d1f9de6831397
-
SHA512
207732e77cf187f76b9379a41ff113d7ac0b1e425c62f66018792261018c1073d8740b7379c3c7d9840992d468f6b1ede0c0e960aa4ad64ad304ab3fcc705b9d
-
SSDEEP
49152:Uqhjxt9gIWaAR+g87+XnVasX6bDoYwGj:UGt9/AZ87+F7X648
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-