Resubmissions

29-07-2021 15:09

210729-wzvqb879aa 10

26-07-2021 20:08

210726-9lbbrtep2a 10

26-07-2021 20:05

210726-bdzs4aydgx 9

General

  • Target

    Setup.exe

  • Size

    3MB

  • Sample

    210726-9lbbrtep2a

  • MD5

    6a42e481e8c2f649a854b08cdaf73be4

  • SHA1

    66d7883449483a44232053f77ed1701c3c3ac9e3

  • SHA256

    3f4a6504fe8dc05ff75fe4a3bdf27eb509b2431ebaf4e189c23b9297ea300f19

  • SHA512

    9d4b1d3ffafebf0faebe550f2d3064a1f515b908e049a5aca07b151d8bfe165d545f244bfd3960283a9310c18e50968834dc3fc471258ef8ddf7541e597d87be

Malware Config

Targets

    • Target

      Setup.exe

    • Size

      3MB

    • MD5

      6a42e481e8c2f649a854b08cdaf73be4

    • SHA1

      66d7883449483a44232053f77ed1701c3c3ac9e3

    • SHA256

      3f4a6504fe8dc05ff75fe4a3bdf27eb509b2431ebaf4e189c23b9297ea300f19

    • SHA512

      9d4b1d3ffafebf0faebe550f2d3064a1f515b908e049a5aca07b151d8bfe165d545f244bfd3960283a9310c18e50968834dc3fc471258ef8ddf7541e597d87be

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Persistence

                    Privilege Escalation

                      Tasks