General
-
Target
627282708d27b267d9d3cbee3fba2980e3f30c77588b51c71e6afabe435917d0
-
Size
2.7MB
-
Sample
241226-fmgg1sxlbz
-
MD5
39a1cde446dbdfbee85fb538b6a2fecf
-
SHA1
e0cba0a970e93d8c4e2febe70a33c2c5b93c50d4
-
SHA256
627282708d27b267d9d3cbee3fba2980e3f30c77588b51c71e6afabe435917d0
-
SHA512
f5d1927b22011a20dd62c304fd568ede6d19a2e3b41a937d56352d5795a7667989e351c7464c1a909982c4deb0ea3cf586d441b1fdad96c3d6bdeb22d491932a
-
SSDEEP
49152:UMDwqh8Ub9eQWDE9Vzc8a3mamtfJ+1Gtqu0PUAtC4YE0J:XNh8Ub9eQWDEzO2amtfgA8uK8
Static task
static1
Behavioral task
behavioral1
Sample
627282708d27b267d9d3cbee3fba2980e3f30c77588b51c71e6afabe435917d0.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
627282708d27b267d9d3cbee3fba2980e3f30c77588b51c71e6afabe435917d0
-
Size
2.7MB
-
MD5
39a1cde446dbdfbee85fb538b6a2fecf
-
SHA1
e0cba0a970e93d8c4e2febe70a33c2c5b93c50d4
-
SHA256
627282708d27b267d9d3cbee3fba2980e3f30c77588b51c71e6afabe435917d0
-
SHA512
f5d1927b22011a20dd62c304fd568ede6d19a2e3b41a937d56352d5795a7667989e351c7464c1a909982c4deb0ea3cf586d441b1fdad96c3d6bdeb22d491932a
-
SSDEEP
49152:UMDwqh8Ub9eQWDE9Vzc8a3mamtfJ+1Gtqu0PUAtC4YE0J:XNh8Ub9eQWDEzO2amtfgA8uK8
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-