General
Target: 7458976137.zip
Size: 3.2MB
Sample: 220520-nrwrhabac8
MD5: b5e4e3939b9dd07cb9af9b2207d4333f
SHA1: 7dcacad5844326620bda2b4156cf673691bda9f5
SHA256: c1f4204697908a155a89bd2237d4ded480cfa78afbb555b02ae53a1badd9e8f0
SHA512: e9d235663963f2dda6a6e9c6081f4a99555bcd7234cd32c45571282d7c8dcc2eb0e8e0ceaf28ef0abf6cfa01dfb11bb52ab8a7e981e6ce1973b1466b8664fd1b
Static task: static1
Behavioral task: behavioral1
Sample: setup/AISetup-Crack.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: setup/AISetup-Crack.exe
Resource: win10v2004-20220414-en
Behavioral task: behavioral3
Sample: setup/Pre-Activated-Setup.exe
Resource: win7-20220414-en
Malware Config
Extracted: redline
leo5
cenyeyalory.xyz:80
kaiaiannial.xyz:80
viasanainah.xyz:80
xtelstasiup.xyz:80
auth_value: be820120fdc25e4fee4cd33b669b3e2c
Extracted: vidar
52.1
1281
https://t.me/verstappenf1r
https://climatejustice.social/@ronxik312
profile_id: 1281
Targets
Target: setup/AISetup-Crack.exe
Size: 346.0MB
MD5: 5caa09b3a7089d4ec3ab263af0041826
SHA1: 40bafeae4244b17f5bbd42b1863fe8ba83d6e6f3
SHA256: 73487ed92e7cc9a0017dc27784a2a48d5d6ede2d76fb3190ab69cdd402d23ab1
SHA512: a49206f66d08b593f0546436e4a83ecebc21d7a8e0a4809075f4ca72513232063b75b4412cd9ebab00e185979e3914c048936de2a37cffa65531a44b8f0eb8e7
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Suspicious use of SetThreadContext
Target: setup/Pre-Activated-Setup.exe
Size: 353.8MB
MD5: e49a9126069d2e7c26159b2bdc38e822
SHA1: 97a3494ac4065d149a7c7426ce93bd73ab223af4
SHA256: c060daa79346e21d4f577b035b44b0d391bcfc2d20edea54ca3543ea8f568db8
SHA512: f16f0c03932ac35b0705216e1ffdb8aa43d77f721d6d8b4b2352341aee23b96b19c80cc771a02d9eb01a980a25fb6377b64eae59c0903b62f27b2d0514ba45b5
suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Vidar Stealer
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of NtSetInformationThreadHideFromDebugger