General
Target: RaveCrack.exe
Size: 1.6MB
Sample: 211205-y9j6jachck
MD5: 92072e1401c170181f26fc193ae6137f
SHA1: bcbeeca2346809882369655c85d9ffb9c2b2aadf
SHA256: 29c409e07f6bff407c11023eae2d2bb2a9033e44fbb4a07897a785f5ae1c3d24
SHA512: 6dd5ad7d456a77ae001b07e5cefba80553498e13bf3e2dc5b9c3de722ac37d9b0d1518004371cb1d4bed51e3b2dcc7590c5d970cc78fa8f7864c341c45aa8a2b
Static task: static1
Behavioral task: behavioral1
  Sample: RaveCrack.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: RaveCrack.exe
  Resource: win10-en-20211104
Malware Config
Targets
Target: RaveCrack.exe
Size: 1.6MB
MD5: 92072e1401c170181f26fc193ae6137f
SHA1: bcbeeca2346809882369655c85d9ffb9c2b2aadf
SHA256: 29c409e07f6bff407c11023eae2d2bb2a9033e44fbb4a07897a785f5ae1c3d24
SHA512: 6dd5ad7d456a77ae001b07e5cefba80553498e13bf3e2dc5b9c3de722ac37d9b0d1518004371cb1d4bed51e3b2dcc7590c5d970cc78fa8f7864c341c45aa8a2b
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- XMRig Miner Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext