General
-
Target
4cda37f0fdd836cfebb3df05dc550fff54eab9f7a9959c083ce50d0f049aa0a0.exe
-
Size
1.7MB
-
Sample
241123-cvqh4swjhv
-
MD5
6edefc0c895756e5e929668b5f804c1f
-
SHA1
37cc66db57185d2dd9827f2a5670fe527592d5d2
-
SHA256
4cda37f0fdd836cfebb3df05dc550fff54eab9f7a9959c083ce50d0f049aa0a0
-
SHA512
5f34e6de56f5d86d59ccbb966b1dbff64ef8b2a759bc9cfbadde40e05d6c2924940a6c63329f633d9464ac8ae35dc9ada419ad3436dc787a2b1bfbe7c120b13c
-
SSDEEP
49152:YsK+ovd70fKBOtE8bf8W7yVzlEBikSRZh+Kop1UemI/eh:Y4kMoOtE8IWMiikSjhfsenieh
Static task
static1
Behavioral task
behavioral1
Sample
4cda37f0fdd836cfebb3df05dc550fff54eab9f7a9959c083ce50d0f049aa0a0.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
4cda37f0fdd836cfebb3df05dc550fff54eab9f7a9959c083ce50d0f049aa0a0.exe
-
Size
1.7MB
-
MD5
6edefc0c895756e5e929668b5f804c1f
-
SHA1
37cc66db57185d2dd9827f2a5670fe527592d5d2
-
SHA256
4cda37f0fdd836cfebb3df05dc550fff54eab9f7a9959c083ce50d0f049aa0a0
-
SHA512
5f34e6de56f5d86d59ccbb966b1dbff64ef8b2a759bc9cfbadde40e05d6c2924940a6c63329f633d9464ac8ae35dc9ada419ad3436dc787a2b1bfbe7c120b13c
-
SSDEEP
49152:YsK+ovd70fKBOtE8bf8W7yVzlEBikSRZh+Kop1UemI/eh:Y4kMoOtE8IWMiikSjhfsenieh
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-