General
-
Target
65e88eb9ca629cda57680a4f4f7d0d39fe7dfe7ef80d619b809779e9ecff33ad.exe
-
Size
1.7MB
-
Sample
241124-cr7m8avpfm
-
MD5
69cbce48a9ce8b1da7a0195ae4dfbccc
-
SHA1
c05a7472201be886b55e2958351df9e211fbe639
-
SHA256
65e88eb9ca629cda57680a4f4f7d0d39fe7dfe7ef80d619b809779e9ecff33ad
-
SHA512
f24c8b12f0d2fd02a4ffcc7d196f96f2c1f8edbe029c5e99133795d8834589b2ad60d27f55fcb3d5887fc818b8bc178298f53dbf43a5cc879aef279e809fa311
-
SSDEEP
49152:xU9+qhQuGyU+eN3agyYmYhIHWpBsfgvGY85PMMvV:xU9HU+EbyJYWHiB3GYkUw
Static task
static1
Behavioral task
behavioral1
Sample
65e88eb9ca629cda57680a4f4f7d0d39fe7dfe7ef80d619b809779e9ecff33ad.exe
Resource
win7-20240708-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
65e88eb9ca629cda57680a4f4f7d0d39fe7dfe7ef80d619b809779e9ecff33ad.exe
-
Size
1.7MB
-
MD5
69cbce48a9ce8b1da7a0195ae4dfbccc
-
SHA1
c05a7472201be886b55e2958351df9e211fbe639
-
SHA256
65e88eb9ca629cda57680a4f4f7d0d39fe7dfe7ef80d619b809779e9ecff33ad
-
SHA512
f24c8b12f0d2fd02a4ffcc7d196f96f2c1f8edbe029c5e99133795d8834589b2ad60d27f55fcb3d5887fc818b8bc178298f53dbf43a5cc879aef279e809fa311
-
SSDEEP
49152:xU9+qhQuGyU+eN3agyYmYhIHWpBsfgvGY85PMMvV:xU9HU+EbyJYWHiB3GYkUw
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-