General

  • Target

    e7074780e695f4ee45a1999d5035e3a8c799fe647c7464ca85375dd9d18a3ac8

  • Size

    2.2MB

  • Sample

    211022-vvgv3sbhc8

  • MD5

    0680fd1ef21a489b3812b4ef2f9a8f40

  • SHA1

    d44346e505d925bd5f423606298e267716f7d64f

  • SHA256

    e7074780e695f4ee45a1999d5035e3a8c799fe647c7464ca85375dd9d18a3ac8

  • SHA512

    e7b7ed92d6e2fa36256c67bb2d45164b6ef1be41c1827341754273a4125781838a8e9bc2068b3669e36e88c7303f167c9df57c3d28f9f9fc6e42d7dea05826cb

Malware Config

Targets

    • Target

      e7074780e695f4ee45a1999d5035e3a8c799fe647c7464ca85375dd9d18a3ac8

    • Size

      2.2MB

    • MD5

      0680fd1ef21a489b3812b4ef2f9a8f40

    • SHA1

      d44346e505d925bd5f423606298e267716f7d64f

    • SHA256

      e7074780e695f4ee45a1999d5035e3a8c799fe647c7464ca85375dd9d18a3ac8

    • SHA512

      e7b7ed92d6e2fa36256c67bb2d45164b6ef1be41c1827341754273a4125781838a8e9bc2068b3669e36e88c7303f167c9df57c3d28f9f9fc6e42d7dea05826cb

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks