General
-
Target
FRA5I_file.exe
-
Size
1.7MB
-
Sample
241123-wvjv4swkhk
-
MD5
2ddf913f1bfac8e658b52ccbd75e8c80
-
SHA1
f1d0732f7ba49cd0dfee3ea084020e5b75c7ed22
-
SHA256
8de92a481031783cdc05d07776627e2294dcb823399b3887e60ce461ff1ecad7
-
SHA512
ea477fa4c312b5e62aaefde99fd4b647f5f85c60c5c46341986bcd4a8323a5475cc859a3e6eca304a87c1f122176111a64f6c20803cae232566c63232378d0b0
-
SSDEEP
49152:PNb0xqGv8NYVthpnAekJ++BwSJ246vETXL/f9:p0xq3grH22SJr/b/
Static task
static1
Behavioral task
behavioral1
Sample
FRA5I_file.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
FRA5I_file.exe
-
Size
1.7MB
-
MD5
2ddf913f1bfac8e658b52ccbd75e8c80
-
SHA1
f1d0732f7ba49cd0dfee3ea084020e5b75c7ed22
-
SHA256
8de92a481031783cdc05d07776627e2294dcb823399b3887e60ce461ff1ecad7
-
SHA512
ea477fa4c312b5e62aaefde99fd4b647f5f85c60c5c46341986bcd4a8323a5475cc859a3e6eca304a87c1f122176111a64f6c20803cae232566c63232378d0b0
-
SSDEEP
49152:PNb0xqGv8NYVthpnAekJ++BwSJ246vETXL/f9:p0xq3grH22SJr/b/
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-