General
Target: 90a76e28f761c3a0580ec1b56eb241b57001091cac3d63378dec4368279103dd.exe
Size: 1.8MB
Sample: 241123-c9963awnfy
MD5: e5a48f23e7b32f452f9bf2e6bf42094c
SHA1: 4f95895d7a641793c3e603847c06ffd51fb29940
SHA256: 90a76e28f761c3a0580ec1b56eb241b57001091cac3d63378dec4368279103dd
SHA512: 3ad71818ffa0544e8c7e302c49a51b7e58b42543a0640a588e448d4d1ebb9e4b880e1869a634b7e66a2d11849eb2c68672b575f7b6386393bc02ff052293ded4
SSDEEP: 49152:LLrjKJvZOWRzfxWd7YVHqLU7of4A88ahonJr8AY5h/v:fvKmIzfxW5f+e4V4aT5
Static task: static1
Behavioral task: behavioral1
Sample: 90a76e28f761c3a0580ec1b56eb241b57001091cac3d63378dec4368279103dd.exe
Resource: win7-20240903-en
Malware Config
Extracted: stealc
Botnet: mars
C2: http://185.215.113.206
url_path: /c4becf79229cb002.php
Targets
Target: 90a76e28f761c3a0580ec1b56eb241b57001091cac3d63378dec4368279103dd.exe
Signatures
Stealc family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger