General
-
Target
d23c929cadf5890a5afadd25b36e9d73fa8328c0fe7d750578cf59fba2cf72e0.exe
-
Size
1.7MB
-
Sample
241123-dhkyjawqfz
-
MD5
405dcfb77eb969d356061f551b1d3a1f
-
SHA1
28aabbccb4b5f095e4046fbcb5148b9813de756b
-
SHA256
d23c929cadf5890a5afadd25b36e9d73fa8328c0fe7d750578cf59fba2cf72e0
-
SHA512
bb8a4f340a2e3b8b8fe8913da46cf2f7e1887128971ecb94832292f66ca7f00af91d6b1384957788fb11e2d487942a80c1c77515906dba22908627fa20ac0a41
-
SSDEEP
49152:iHvmWWyXuC7RzSsG4niqDydWu3CIzNIvU4TB:i+hKvvcWu3bIsO
Static task
static1
Behavioral task
behavioral1
Sample
d23c929cadf5890a5afadd25b36e9d73fa8328c0fe7d750578cf59fba2cf72e0.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
d23c929cadf5890a5afadd25b36e9d73fa8328c0fe7d750578cf59fba2cf72e0.exe
-
Size
1.7MB
-
MD5
405dcfb77eb969d356061f551b1d3a1f
-
SHA1
28aabbccb4b5f095e4046fbcb5148b9813de756b
-
SHA256
d23c929cadf5890a5afadd25b36e9d73fa8328c0fe7d750578cf59fba2cf72e0
-
SHA512
bb8a4f340a2e3b8b8fe8913da46cf2f7e1887128971ecb94832292f66ca7f00af91d6b1384957788fb11e2d487942a80c1c77515906dba22908627fa20ac0a41
-
SSDEEP
49152:iHvmWWyXuC7RzSsG4niqDydWu3CIzNIvU4TB:i+hKvvcWu3bIsO
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-