Overview

overview

10

Static

static

7

233cb353b4...18.exe

windows7_x64

10

233cb353b4...18.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    233cb353b4dc5f127dd7863501875f5be44b96e299e29c3b6c30b1e984e2c918

  • Size

    3.4MB

  • Sample

    220215-scamyahdfq

  • MD5

    a6aebaf78d5d1d323dc4e7553424ecb3

  • SHA1

    67443ca919e3f3811f50ba21321f3eda1d33909c

  • SHA256

    233cb353b4dc5f127dd7863501875f5be44b96e299e29c3b6c30b1e984e2c918

  • SHA512

    68dce0bbf2235ba83931898c13010f504009d2dbc8e00e780a59d7391af3fc8f0b7ce866fd5467a18094bb779fe7f6ca1be62d587e9bb2f3893fb05d742b6131

Score
10/10
redlineevasioninfostealerthemidatrojan

Malware Config

Targets

    • Target

      233cb353b4dc5f127dd7863501875f5be44b96e299e29c3b6c30b1e984e2c918

    • Size

      3.4MB

    • MD5

      a6aebaf78d5d1d323dc4e7553424ecb3

    • SHA1

      67443ca919e3f3811f50ba21321f3eda1d33909c

    • SHA256

      233cb353b4dc5f127dd7863501875f5be44b96e299e29c3b6c30b1e984e2c918

    • SHA512

      68dce0bbf2235ba83931898c13010f504009d2dbc8e00e780a59d7391af3fc8f0b7ce866fd5467a18094bb779fe7f6ca1be62d587e9bb2f3893fb05d742b6131

    Score
    10/10
    redlineevasioninfostealerthemidatrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks