General
-
Target
45926e2940bd8f454ce00ec717521e919b3d6dcdcc0c87d180106c1927589739.exe
-
Size
1.8MB
-
Sample
241123-cthrwawjet
-
MD5
3bdf8476f9736b3f51b8d5027679a6f5
-
SHA1
ca6ccfba4f7f15f476dd7cf64e3d78090ab593b2
-
SHA256
45926e2940bd8f454ce00ec717521e919b3d6dcdcc0c87d180106c1927589739
-
SHA512
6e26c7a0f4c07d230e2608783613c182906b8d628b945df1e4bd89e0a5cc8163fc19c0089b429b8cb4ae758937445e41f0c33ead8966bca57c2a478d9a3951e4
-
SSDEEP
49152:t8ATylKYvKdpifRxPntxjWWeG/CHYZO0FeW:GrlKEKLOR1nXjGYvAW
Static task
static1
Behavioral task
behavioral1
Sample
45926e2940bd8f454ce00ec717521e919b3d6dcdcc0c87d180106c1927589739.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
45926e2940bd8f454ce00ec717521e919b3d6dcdcc0c87d180106c1927589739.exe
-
Size
1.8MB
-
MD5
3bdf8476f9736b3f51b8d5027679a6f5
-
SHA1
ca6ccfba4f7f15f476dd7cf64e3d78090ab593b2
-
SHA256
45926e2940bd8f454ce00ec717521e919b3d6dcdcc0c87d180106c1927589739
-
SHA512
6e26c7a0f4c07d230e2608783613c182906b8d628b945df1e4bd89e0a5cc8163fc19c0089b429b8cb4ae758937445e41f0c33ead8966bca57c2a478d9a3951e4
-
SSDEEP
49152:t8ATylKYvKdpifRxPntxjWWeG/CHYZO0FeW:GrlKEKLOR1nXjGYvAW
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-