General
-
Target
7434786167.zip
-
Size
5.4MB
-
Sample
220520-nm23qaahg3
-
MD5
48b1caa5028ee44b155b92e8826d42f1
-
SHA1
96b57679b4a2eb360f0bf25f57920176167f4423
-
SHA256
33bbf133844c61c4e4f9207411a912c02d2c1cd1c25d582a5044c658d48cc9ca
-
SHA512
e401d73084c47b021f7476213aa3915cfc89deb3d1d632d55798c2192d5e556b07356d067ad7af7bbddde2a18dc53abd398d90c0a9d9b3f0df8f41bb168a764f
Static task
static1
Behavioral task
behavioral1
Sample
setup/AISetup-Crack.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
setup/AISetup-Crack.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
setup/Pre-Activated-Setup.exe
Resource
win7-20220414-en
Malware Config
Extracted
vidar
52.2
1281
https://t.me/netflixaccsfree
-
profile_id
1281
Targets
-
-
Target
setup/AISetup-Crack.exe
-
Size
2.4MB
-
MD5
a6f2af8aa201a51b90ce7242736a7af4
-
SHA1
303184b65412f10df9e3860a7b3337e165c820db
-
SHA256
7e29a55958df55dcc4bb4e563111659226cdac60bc7141f8124acaa8eac66565
-
SHA512
dd5271e62bb7f69b217ea912c378cccf41f4132efe48e4ac11fe04d6869d3db13cc52dd991507d1ba081b88bcbc8c96324a11d7a1623937be2a0403c353d7650
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
setup/Pre-Activated-Setup.exe
-
Size
405.2MB
-
MD5
3cf359cf5a3c86167e554882c9d26dc4
-
SHA1
fd80122deab8904889dfa69df600554eac8090ff
-
SHA256
b61864510b59420f82383f1377bba51822f2c481fe8a166c5eeda292a2258eaa
-
SHA512
e8e4047c2863715686fa5205175572fce0f05d501a762310e88eba064cd857737f49948785fa4fff54dc60da2430f60ef2f8e3ca13727d48c8192546a65b79db
-
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Vidar Stealer
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-