General

Target: 7463036146.zip
Size: 4.4MB
Sample: 220520-npckvaeaaj
MD5: b46a7b7788783baf852a3e2d217395a5
SHA1: 2036377a1656073ae9484770e15834bced45cc3d
SHA256: 6b313fae80a9226c4293f5b5bb57129f1bc4f2a8c46bdabb7a577a08e47672b9
SHA512: 4a85032604b63a6a4571f029aba42e324354522968007806d44aa52aeb99bef391d6cd8f6b8e46f00dfe355c8e406e2df50cce785fc06f08f4b853a5a57125d3
Static task
static1

Behavioral task
behavioral1
Sample: setup/AISetup-Crack.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: setup/AISetup-Crack.exe
Resource: win10v2004-20220414-en

Behavioral task
behavioral3
Sample: setup/Pre-Activated-Setup.exe
Resource: win7-20220414-en
Malware Config

Extracted
Family: vidar
Version: 52.2
Botnet: 1281
C2: https://t.me/netflixaccsfree
Attributes
profile_id: 1281

The C2 entry is a Telegram channel page rather than a panel address: Vidar builds of this generation use the channel description as a dead-drop resolver and read the real C2 address from it, so the t.me URL is the value to block and hunt for, and the actual panel host must be recovered from the channel at analysis time.
Targets

Target: setup/AISetup-Crack.exe
Size: 2.4MB
MD5: be7879386bb4db5b6c8415166db67ef8
SHA1: ddd3021057a36b9f3298abc2844c3905652a9429
SHA256: 9871a54a96e578971bde616e6110d08c60d1644734f72358ef04885d16c73d99
SHA512: 4b0d06d882df5badbcd6d4445f8d3d4fc4db1fe7ec87018c316e9a0cf49e3e04c9c1459150d18613e5af0327b42d7f42a3eef174e35af6a436d2b903373bd9cc
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Target: setup/Pre-Activated-Setup.exe
Size: 397.6MB
MD5: c011c5bad19774ebf56ec031387998a7
SHA1: df8a65c3b049e81f5633086ea5f66b8a5b82f435
SHA256: 330aeaaf79d476459e8808ccf795879e94d6892a1610cf4460958e790e0d0b25
SHA512: 3a393844490f399e6d851c9fbd0aa5ab5284ebc5e6cdac7094e7fb88dbed01856c0e777db619437925e6e0d4b5df700a3641b498d8e4df504f862013eab1bdb3

suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Vidar Stealer

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of NtSetInformationThreadHideFromDebugger
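The four behavioural signatures listed for the two targets (BIOS key read, VirtualBox ACPI key lookup, Uninstall-key enumeration, and NtSetInformationThread with ThreadHideFromDebugger) can be reproduced as simple rules over a sandbox API trace. The block below is an example added by the editor; it is not Triage's signature engine and contains nothing taken from the samples. Assumptions: the trace format (pid, operation, argument, one call per line) and the trace itself are constructed for the example; the registry paths are the standard locations such checks read, since Triage's exact matching rules are not on the page; and the three-hit threshold used to call repeated Uninstall-key access "enumeration" is a choice made here.

```python
"""Toy re-implementation of the report's registry/anti-debug signatures.

Editor's example, not Triage's engine. Trace format and thresholds are
assumptions made for this example.
"""
import re
from collections import Counter, defaultdict

# Standard registry locations read by sandbox/VM checks (assumed to be what
# the report's signatures match on; the real rules are not published here).
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"
UNINSTALL_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
# VirtualBox exposes its ACPI tables under DSDT/FADT/RSDT with the OEM id VBOX__.
ACPI_VBOX_RE = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
# THREADINFOCLASS value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11
# Number of Uninstall-key accesses before we call it "enumeration" (chosen here).
UNINSTALL_ENUM_THRESHOLD = 3

# Constructed trace line shape: "<pid> <operation> <argument>".
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<op>\w+)\s+(?P<arg>.+)$")
CLASS_RE = re.compile(r"ThreadInformationClass=(0x[0-9a-f]+|\d+)", re.I)


def _under(path: str, key: str) -> bool:
    """True if `path` is `key` itself or a value/subkey beneath it."""
    p, k = path.lower(), key.lower()
    return p == k or p.startswith(k + "\\")


def evaluate(trace: str) -> dict[int, list[str]]:
    """Return {pid: [signature names]} for every process that trips a rule."""
    uninstall_hits: Counter[int] = Counter()
    fired: dict[int, set[str]] = defaultdict(set)
    for raw in trace.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or comment line in the constructed trace
        pid, op, arg = int(m["pid"]), m["op"], m["arg"]
        if op.startswith("Reg"):
            if _under(arg, BIOS_KEY):
                fired[pid].add("Checks BIOS information in registry")
            if ACPI_VBOX_RE.match(arg):
                fired[pid].add("Identifies VirtualBox via ACPI registry values")
            if _under(arg, UNINSTALL_KEY):
                uninstall_hits[pid] += 1
                if uninstall_hits[pid] >= UNINSTALL_ENUM_THRESHOLD:
                    fired[pid].add("Checks installed software on the system")
        elif op == "NtSetInformationThread":
            c = CLASS_RE.search(arg)
            if c and int(c.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
                fired[pid].add("Suspicious use of NtSetInformationThreadHideFromDebugger")
    return {pid: sorted(sigs) for pid, sigs in fired.items()}


# Constructed sample trace: pid 1234 behaves like the stealer described in the
# report, pid 5678 is a benign process reading ordinary version information.
SAMPLE_TRACE = r"""
# constructed trace: pid operation argument
1234 RegOpenKey HKLM\HARDWARE\DESCRIPTION\System\BIOS
1234 RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
1234 RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
1234 RegOpenKey HKLM\HARDWARE\ACPI\DSDT\VBOX__
1234 RegEnumKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1234 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord\DisplayName
1234 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayName
1234 NtSetInformationThread ThreadInformationClass=0x11
5678 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
5678 NtSetInformationThread ThreadInformationClass=0x9
"""

if __name__ == "__main__":
    for pid, sigs in evaluate(SAMPLE_TRACE).items():
        print(pid)
        for s in sigs:
            print("  ", s)
```

Only pid 1234 is reported; the benign process reads a registry value and calls NtSetInformationThread with a different information class, so nothing fires for it. A single Uninstall-key access stays below the enumeration threshold, which is the reason for counting rather than matching the first hit.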