General
-
Target
b38836c2ca840a569bee2b3fb196b8bbf895848c91b4970ea661b1bd879ae9f2
-
Size
382KB
-
Sample
221207-dera5she93
-
MD5
4b3b3660d4aaac2ae95a48473fd6625e
-
SHA1
3e37934207617ea2af6a09cf0e47f831331d8c9c
-
SHA256
b38836c2ca840a569bee2b3fb196b8bbf895848c91b4970ea661b1bd879ae9f2
-
SHA512
b2cd9ee1754242ce5b0cfcb156eecd779df5935afafec0129ef45b253c50e7180e7ab3da381b51e167f62057017eac89a3ee128fce108c6cb069852786ab2d01
-
SSDEEP
6144:XWUMLgc83mCFuCcflf6HW2ccG3c9WcoBlC4saVe:XM8c83HPQp6HW2nGxcWCZ3
Malware Config
Extracted
redline
YT
65.21.5.58:48811
-
auth_value
fb878dde7f3b4ad1e1bc26d24db36d28
Targets
-
-
Target
b38836c2ca840a569bee2b3fb196b8bbf895848c91b4970ea661b1bd879ae9f2
-
Size
382KB
-
MD5
4b3b3660d4aaac2ae95a48473fd6625e
-
SHA1
3e37934207617ea2af6a09cf0e47f831331d8c9c
-
SHA256
b38836c2ca840a569bee2b3fb196b8bbf895848c91b4970ea661b1bd879ae9f2
-
SHA512
b2cd9ee1754242ce5b0cfcb156eecd779df5935afafec0129ef45b253c50e7180e7ab3da381b51e167f62057017eac89a3ee128fce108c6cb069852786ab2d01
-
SSDEEP
6144:XWUMLgc83mCFuCcflf6HW2ccG3c9WcoBlC4saVe:XM8c83HPQp6HW2nGxcWCZ3
Score10/10-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Uses the VBS compiler for execution
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-