General
-
Target
f4a38bfe6d64ae092c608adf24f3b294710aacc510f628c4e19e1a1800fb42b8.exe
-
Size
1.7MB
-
Sample
241124-detfhawrfj
-
MD5
9f1e2f4308ddb08ce70a669d67a97763
-
SHA1
fa3222ecc5bc0e59f5bcd16562bdc0cb9be9f1ee
-
SHA256
f4a38bfe6d64ae092c608adf24f3b294710aacc510f628c4e19e1a1800fb42b8
-
SHA512
d788a4497a4273f379ec2ca975941289eece214b391576133e86ba517224081a82004df6fdab139e674575e32c459c880f433970a7714b7a5e936741e9217c0c
-
SSDEEP
24576:ItKn/l1KCGkWy8u4Xju2cyzw3ldmguquIYJScPLK/VoF1mVLd7q:IOtR9qX9zwSqMPjYZ
Static task
static1
Behavioral task
behavioral1
Sample
f4a38bfe6d64ae092c608adf24f3b294710aacc510f628c4e19e1a1800fb42b8.exe
Resource
win7-20241010-en
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
f4a38bfe6d64ae092c608adf24f3b294710aacc510f628c4e19e1a1800fb42b8.exe
-
Size
1.7MB
-
MD5
9f1e2f4308ddb08ce70a669d67a97763
-
SHA1
fa3222ecc5bc0e59f5bcd16562bdc0cb9be9f1ee
-
SHA256
f4a38bfe6d64ae092c608adf24f3b294710aacc510f628c4e19e1a1800fb42b8
-
SHA512
d788a4497a4273f379ec2ca975941289eece214b391576133e86ba517224081a82004df6fdab139e674575e32c459c880f433970a7714b7a5e936741e9217c0c
-
SSDEEP
24576:ItKn/l1KCGkWy8u4Xju2cyzw3ldmguquIYJScPLK/VoF1mVLd7q:IOtR9qX9zwSqMPjYZ
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-