metastealer | 3df58f95673ea66a822fde408a33da67bd66344ece4839b66ec266d1b489e079

General

Target

b29748ca349b93e3a68ae9d74c8c112f
Size

2.9MB
Sample

220415-fhywhaeefm
MD5

b29748ca349b93e3a68ae9d74c8c112f
SHA1

25fcb59baef4fee8d333137cac54256692bcd0a5
SHA256

3df58f95673ea66a822fde408a33da67bd66344ece4839b66ec266d1b489e079
SHA512

ecc59e7394059b0330c5762687b2390040071e6ca3b2d3d21d13d43fe3b80bd051a5d94df91182b288bb474da6e899f5df4f25d0c2a8944cf9ab6570c9533266

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

84.38.132.100:29934

Targets

- Target
  
  b29748ca349b93e3a68ae9d74c8c112f
- Size
  
  2.9MB
- MD5
  
  b29748ca349b93e3a68ae9d74c8c112f
- SHA1
  
  25fcb59baef4fee8d333137cac54256692bcd0a5
- SHA256
  
  3df58f95673ea66a822fde408a33da67bd66344ece4839b66ec266d1b489e079
- SHA512
  
  ecc59e7394059b0330c5762687b2390040071e6ca3b2d3d21d13d43fe3b80bd051a5d94df91182b288bb474da6e899f5df4f25d0c2a8944cf9ab6570c9533266
Score

10^/10

redline cheat evasion infostealer themida trojan metastealer stealer
- Meta Stealer Stealer
  Meta Stealer steals passwords stored in browsers, written in C++.
  stealer metastealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Meta Stealer Stealer

RedLine

RedLine Payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Themida packer

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2