General
-
Target
Setup.exe
-
Size
3.2MB
-
Sample
210729-wzvqb879aa
-
MD5
6a42e481e8c2f649a854b08cdaf73be4
-
SHA1
66d7883449483a44232053f77ed1701c3c3ac9e3
-
SHA256
3f4a6504fe8dc05ff75fe4a3bdf27eb509b2431ebaf4e189c23b9297ea300f19
-
SHA512
9d4b1d3ffafebf0faebe550f2d3064a1f515b908e049a5aca07b151d8bfe165d545f244bfd3960283a9310c18e50968834dc3fc471258ef8ddf7541e597d87be
Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win7v20210410
Malware Config
Targets
-
-
Target
Setup.exe
-
Size
3.2MB
-
MD5
6a42e481e8c2f649a854b08cdaf73be4
-
SHA1
66d7883449483a44232053f77ed1701c3c3ac9e3
-
SHA256
3f4a6504fe8dc05ff75fe4a3bdf27eb509b2431ebaf4e189c23b9297ea300f19
-
SHA512
9d4b1d3ffafebf0faebe550f2d3064a1f515b908e049a5aca07b151d8bfe165d545f244bfd3960283a9310c18e50968834dc3fc471258ef8ddf7541e597d87be
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-