General
-
Target
I7AIV_file.exe
-
Size
1.7MB
-
Sample
241123-xl5a5axldr
-
MD5
6af05407143697f6c49bd94e5903f73a
-
SHA1
003809f7aa6cb6ab5bf4ddb22dc659f22f0879ef
-
SHA256
e4853246b4c0b4d13aa84e929cf4313961f176e893a8c1c29720a1eb7f68c5a7
-
SHA512
42447c96152cfd43f6ba7d7533edc62e10e66eab6030c8914bcf1af64d6980b29d1ac6a960fb6a1e3699ce68a8fad92684f2c3ebe11009f911d2b98e49f61b5e
-
SSDEEP
49152:12+LhJrTVTCyrc3j2x4uDgwcTXXZHa6hS8R+:11hrCyrcxfCaS
Static task
static1
Behavioral task
behavioral1
Sample
I7AIV_file.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
I7AIV_file.exe
-
Size
1.7MB
-
MD5
6af05407143697f6c49bd94e5903f73a
-
SHA1
003809f7aa6cb6ab5bf4ddb22dc659f22f0879ef
-
SHA256
e4853246b4c0b4d13aa84e929cf4313961f176e893a8c1c29720a1eb7f68c5a7
-
SHA512
42447c96152cfd43f6ba7d7533edc62e10e66eab6030c8914bcf1af64d6980b29d1ac6a960fb6a1e3699ce68a8fad92684f2c3ebe11009f911d2b98e49f61b5e
-
SSDEEP
49152:12+LhJrTVTCyrc3j2x4uDgwcTXXZHa6hS8R+:11hrCyrcxfCaS
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-