General
Target: Blessmodmenu 2.1b.rar
Size: 4.9MB
Sample: 210422-p76wmzca4e
MD5: 364a865c0e262334ed4c82513a1752dc
SHA1: 1f3e3e180d6f507831ae81032876fa8e2fb67486
SHA256: ee0d2214735d62f663c6cec5a2d5522687be503049cb7178e687daa0c84561cb
SHA512: 35e3fcc978028b7eb1660e23d10d3e7bb0a332a327157c80cd0912a2f35fc42ba29d94ed30ac3faf4388920a99a072e7bc6c2e939c82537b8bb3412a8c9f453a
Static task: static1
Behavioral task: behavioral1
Sample: Blessmodmenu 2.1b.exe
Resource: win10v20210410
Malware Config
Targets
Target: Blessmodmenu 2.1b.exe
Size: 4.9MB
MD5: 7b84e4d387d007f13c35a4bcb7cbdaa9
SHA1: f72234a52ef02b65d6232e3ca390a727d44e0a1f
SHA256: 15c014bf8a17b1a23e011b80e27a235a8387fb7665ce0d85956065b082331b14
SHA512: 9b69b8cd998f451ef766699777a30e246bb7a0bac85e81791b56561b939f2535cc7c0bcf6b938354c38b7a047532bc887882a7ea4616923edda5e65031b5190a
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger