General
-
Target
2bd8a1b7065df88462d34eed180f2ea300c5e4cf80a984fc8aa07f6bd7949869
-
Size
2.7MB
-
Sample
241226-j61a1s1ldp
-
MD5
6a745871d883b116a4bbc9607f5b7b9b
-
SHA1
380a4cd6e33af3ff4363b6d16a9e05dd703f5f9e
-
SHA256
2bd8a1b7065df88462d34eed180f2ea300c5e4cf80a984fc8aa07f6bd7949869
-
SHA512
f0de0884f50447a59da34a795cf7ed4be3ce245ca269d04eef6683307a47357f572d092d8ab4312e5244cd5c2979e040d3fe546930dd6f9945ac68ad791ef993
-
SSDEEP
49152:nUuiVyXARi6ksfiracIahCQQnPQgTTkDUVdhuz0y9l:hiUQRi6ksfirazahpQnPQtD+TU0il
Static task
static1
Behavioral task
behavioral1
Sample
2bd8a1b7065df88462d34eed180f2ea300c5e4cf80a984fc8aa07f6bd7949869.exe
Resource
win7-20240903-en
Malware Config
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
2bd8a1b7065df88462d34eed180f2ea300c5e4cf80a984fc8aa07f6bd7949869
-
Size
2.7MB
-
MD5
6a745871d883b116a4bbc9607f5b7b9b
-
SHA1
380a4cd6e33af3ff4363b6d16a9e05dd703f5f9e
-
SHA256
2bd8a1b7065df88462d34eed180f2ea300c5e4cf80a984fc8aa07f6bd7949869
-
SHA512
f0de0884f50447a59da34a795cf7ed4be3ce245ca269d04eef6683307a47357f572d092d8ab4312e5244cd5c2979e040d3fe546930dd6f9945ac68ad791ef993
-
SSDEEP
49152:nUuiVyXARi6ksfiracIahCQQnPQgTTkDUVdhuz0y9l:hiUQRi6ksfirazahpQnPQtD+TU0il
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-