1ca3d04a1c28f573e0a31c49881c8c4a.7z

General
Target

1ca3d04a1c28f573e0a31c49881c8c4a.7z

Size

1MB

Sample

220119-a8trksedck

Score
10 /10
MD5

3d1d00b27b7845068d971019b56132de

SHA1

ab7625d9e5b6a9ee31558f133d927bfc589a2dae

SHA256

90e6f395643514916b30101a393ffe491d7809349d75858ffa73cab7d717c31f

SHA512

dd86f313038e070b8a20cf355dab3878cf53fb538d7e9a636b6f14d2293f70682d854f20b194486e1c6d88d820b57b3b1fe6dcd265d021e7ff55f5a6beea18b3

Malware Config

Extracted

Family redline
Botnet fs3
C2

65.21.103.71:56458

Targets
Target

1ca3d04a1c28f573e0a31c49881c8c4a

MD5

1ca3d04a1c28f573e0a31c49881c8c4a

Filesize

2MB

Score
10/10
SHA1

30a0a21660c49c0a44c981396c435483efad865e

SHA256

196e6323c5ffd2105f1159a77c1b1cb583deb9d27875232f5fae5635a39a637d

SHA512

aeede683d62f29b2e24f7352ff296c7249c3eccc6a6b3c165b060454a0704cf52b1137dbcdb24b7045c526f6a6e6b70f79935ed78866b552b7338cec38e6be64

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    Tags

    TTPs

    Query RegistryVirtualization/Sandbox Evasion
  • Checks BIOS information in registry

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query RegistrySystem Information Discovery
  • Themida packer

    Description

    Detects Themida, an advanced Windows software protection system.

    Tags

  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation
                      Tasks

                      static1

                      7/10