General
Target: Vape lite crack.rar
Size: 393KB
Sample: 210418-7mbfqyr6dj
MD5: 284bcf1376c4fea3aa9a07fc61615f47
SHA1: a9d6522abaf2b73258ad9e756db876455d35613a
SHA256: b31dcc7367aa09630f2b664e1bfa5b6214cc719742be9567da00be34399c35e1
SHA512: 9c5fdebc7040f09d3f48e6979d4e5bb2d565700076966cf86a3f0fc1aa88eb951144bf47eae5eb7de9f225816c81f7dba2b0835855f1776e508d96db7fc8e5b8
Static task: static1

Behavioral task: behavioral1
Sample: VapeCracked.exe
Resource: win10v20210410

Behavioral task: behavioral2
Sample: DothLibrary.dll
Resource: win10v20210408

Behavioral task: behavioral3
Sample: VapeCracked.exe
Resource: win10v20210410

Behavioral task: behavioral4
Sample: DothLibrary.dll
Resource: win10v20210408
Malware Config

Targets

Target: DothLibrary.dll
Size: 436KB
MD5: 5aeea45913eb8475077a9547d7d3f2f3
SHA1: 09931075a4fdffe7b051df6d3bc5b4a0bacdf019
SHA256: ef2a67849fbe0f1c99263bf0acfddf15a1b3668e49fd9d35868e147d8a4c8c73
SHA512: 3f3ba1d117784aca8d6abfe84e9275da425fd23982aa1ce9af760a9e5d7cd5e9dc2e36a36cc6e190cb91e8b2c8888881cfd8feeb85c3249185d61273a1a1e0ff

Signatures:
- Modifies WinLogon for persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: VapeCracked.exe
Size: 684KB
MD5: 0166a38ead8cc413deab94672174d471
SHA1: 02fb728d11ce37573372930da9a2df73b11c1091
SHA256: abed1feb307134e7385a9dbbd4a478709949c4ba9bb4e934e4596677ea3213bc
SHA512: ec2627a622a6cb79311755c9d7610de8da18eceddbffd3bbe3489224af94d464499016eb06ce6e37651201ff49f24773169efda2f7fd64ff5401aa739a14bf66
Score: 1/10