General
-
Target
random.exe
-
Size
1.7MB
-
Sample
250122-q5199ayqfy
-
MD5
7fa381cd8c80e6930f9ead27ab8d65d5
-
SHA1
9478be51941ba8077be76c75a6180e5468ba90aa
-
SHA256
5ffbfc038a1ab3b850f1afd6b5283501875bb98ee5f9541ed6edf706d2891f6f
-
SHA512
60c9d72fe393d846015585ab078c33211e1755071ea465a645ee2e80b48a392258f3b492161e92685e26f82c3848c2c1097a280b3fb0edcd5d78b4e4db30b523
-
SSDEEP
49152:aG2fPSWTmRNDe5VobzkU+v5OLY0GgP+H7OvR6O:92XSWTX5VoEUI5Ok0xO65
Static task
static1
Behavioral task
behavioral1
Sample
random.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
random.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
stealc
brat
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
random.exe
-
Size
1.7MB
-
MD5
7fa381cd8c80e6930f9ead27ab8d65d5
-
SHA1
9478be51941ba8077be76c75a6180e5468ba90aa
-
SHA256
5ffbfc038a1ab3b850f1afd6b5283501875bb98ee5f9541ed6edf706d2891f6f
-
SHA512
60c9d72fe393d846015585ab078c33211e1755071ea465a645ee2e80b48a392258f3b492161e92685e26f82c3848c2c1097a280b3fb0edcd5d78b4e4db30b523
-
SSDEEP
49152:aG2fPSWTmRNDe5VobzkU+v5OLY0GgP+H7OvR6O:92XSWTX5VoEUI5Ok0xO65
Score10/10-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-