General
-
Target
9784693e6d3fe06c253e47536652da2ac85aa94b2d05d83230b2f9734529f854.exe
-
Size
1.7MB
-
Sample
241124-czhztszkbs
-
MD5
915ecb2949f1c2ad737caa35856b4584
-
SHA1
deaf66961d8b2dda755377ab791b8907b71cf9b5
-
SHA256
9784693e6d3fe06c253e47536652da2ac85aa94b2d05d83230b2f9734529f854
-
SHA512
bb015aeefc7151b3976e7643a143a0b9e3c47ab93d876186af9bd5dd582e900e21662f177f62021db803289b38d69839d26d463bf7d954ef8ab319289346cf0a
-
SSDEEP
49152:aIGvHJ5IqgYd4DInvoXmnNDCcdYUDSJ5wup:aIUIqgYd40nvNDp45Rp
Static task
static1
Behavioral task
behavioral1
Sample
9784693e6d3fe06c253e47536652da2ac85aa94b2d05d83230b2f9734529f854.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
9784693e6d3fe06c253e47536652da2ac85aa94b2d05d83230b2f9734529f854.exe
-
Size
1.7MB
-
MD5
915ecb2949f1c2ad737caa35856b4584
-
SHA1
deaf66961d8b2dda755377ab791b8907b71cf9b5
-
SHA256
9784693e6d3fe06c253e47536652da2ac85aa94b2d05d83230b2f9734529f854
-
SHA512
bb015aeefc7151b3976e7643a143a0b9e3c47ab93d876186af9bd5dd582e900e21662f177f62021db803289b38d69839d26d463bf7d954ef8ab319289346cf0a
-
SSDEEP
49152:aIGvHJ5IqgYd4DInvoXmnNDCcdYUDSJ5wup:aIUIqgYd40nvNDp45Rp
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-