General
-
Target
43caf1416ec29c2c736bcfe9220bef15e2970dd4330bc4171cb71ba381300014
-
Size
1.7MB
-
Sample
250109-m66dtaxrds
-
MD5
51c8e7467bbd99c75e6d53ef5b449d0d
-
SHA1
2970c79cc83f27dfae80b1ca281dc32f5d873ed5
-
SHA256
43caf1416ec29c2c736bcfe9220bef15e2970dd4330bc4171cb71ba381300014
-
SHA512
06fc25b834326d0d61499cd507bcf2f8746236526f3f88b037074d317b21c7a1f1eb40e60cc74f92a5e4a9c02dcd4f43d3cfa57c272c39afec343244e7fdb49a
-
SSDEEP
49152:obRzGeaDnK1QpB8TtXgf8VSayE6I5ER5+E4zAw9:obRzVaDOs228oay+08vUw9
Static task
static1
Behavioral task
behavioral1
Sample
43caf1416ec29c2c736bcfe9220bef15e2970dd4330bc4171cb71ba381300014.exe
Resource
win7-20241010-en
Malware Config
Extracted
stealc
brat
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
43caf1416ec29c2c736bcfe9220bef15e2970dd4330bc4171cb71ba381300014
-
Size
1.7MB
-
MD5
51c8e7467bbd99c75e6d53ef5b449d0d
-
SHA1
2970c79cc83f27dfae80b1ca281dc32f5d873ed5
-
SHA256
43caf1416ec29c2c736bcfe9220bef15e2970dd4330bc4171cb71ba381300014
-
SHA512
06fc25b834326d0d61499cd507bcf2f8746236526f3f88b037074d317b21c7a1f1eb40e60cc74f92a5e4a9c02dcd4f43d3cfa57c272c39afec343244e7fdb49a
-
SSDEEP
49152:obRzGeaDnK1QpB8TtXgf8VSayE6I5ER5+E4zAw9:obRzVaDOs228oay+08vUw9
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-