General
- Target: Paypal-Bypass-New.rar
- Size: 10.5MB
- Sample: 220809-tvwhssedg5
- MD5: 9b0aa0b40ad2b96fe32908f8b4b18977
- SHA1: 04e520449b54a5b0399f656469818a5b52034139
- SHA256: 7767cd4aee0256131839ae137da6f4bca9e6bc60924e0774f041a05ca3d7bc14
- SHA512: 95fd8c174c815ed2882fd688c2c26614ec4cd2360fd350ef0bfe62e935006198f8272f904ad83513907c1fd516844e2ce8a1824412e5baa5cbf9a91a5f687ef2
Behavioral task: behavioral1
- Sample: Paypal-Bypass-New/Paypal-Bypass-New.exe
- Resource: win10-20220414-en
Behavioral task: behavioral2
- Sample: Paypal-Bypass-New/assets/Freebitco.in/[BLTools Cracked By Grizzly] Full Logs/[0.00000003 BTC] SE[167.lnk
- Resource: win10-20220718-en
Malware Config
Extracted
redline
cheat
5.161.137.166:6738
Targets
- Target: Paypal-Bypass-New/Paypal-Bypass-New.exe
- Size: 3.1MB
- MD5: b5e3684462869bcdf57aee5552272e89
- SHA1: 3cb0e09457929171dce9e74fee6fc529f543ed96
- SHA256: 7a7997a3e431e72d22551e98f6d61ea902bdda5ed55690ee59b38b9f0944c869
- SHA512: 0c5f285bd3edd5b4e96c7ec625171ccd9fbffd14ab0cbf942ca3cddc64dd086b9456ee4480cd487dacca251d5e435ff79e01ec6fc55c75009e033c375e5bd025
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Target: Paypal-Bypass-New/assets/Freebitco.in/[BLTools Cracked By Grizzly] Full Logs/[0.00000003 BTC] SE[167E482B2B469B3A0B8F2F3ADCC05A2B] [2022-06-09T08_58_02.1967335+08_00]/FileGrabber/Users/necok/Desktop/Atomic Wallet.lnk
- Size: 2KB
- MD5: 3abd48e7bc60de9ba4f1dad18d318d95
- SHA1: f22d31945a483e428bcb922c4d2833bc679a3374
- SHA256: d15f9762335acc6aa4e676cb7410e14ae5a01345ad7890e0a70f9e349e5c4b2c
- SHA512: 513446c7aba5b969847a27345f3d78a418dcb6a645b7dcaa4f9653da7bb34b21b71963a706ecdc41855b13d122914be48a7b72ec5a58830fa9b631c06fccfc2f
- Score: 3/10