General
-
Target
e18d023806b2dae4cfae65f12e8a663caaa310eac3a9fb4d0efdcd0316fee55b
-
Size
217KB
-
Sample
230124-lbhhtsbh5v
-
MD5
5a09d838cadfc239a7ff4f10be6cff06
-
SHA1
acf5c9ea321a4d113a368b6ed0876d047efbf194
-
SHA256
e44382dc93a60ffb4b6b9dc2d3379a9d1d58dab78d58b0a139b809195880e960
-
SHA512
e4d24fb0b0b1e2c5e2c48ef15598b8dc9092a51ed6b9aa10fe07e52fa3ac10fda02c46c43bc505f3053d936fb82a21a06e09a1659eef89c93db172c99ab24886
-
SSDEEP
6144:LEmLblBbMVHBD7NX4uM0XSuSMxm1gmXLM3LB:LEm9hMH5X4uM0XSjthX6
Static task
static1
Behavioral task
behavioral1
Sample
e18d023806b2dae4cfae65f12e8a663caaa310eac3a9fb4d0efdcd0316fee55b.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
e18d023806b2dae4cfae65f12e8a663caaa310eac3a9fb4d0efdcd0316fee55b.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
vidar
2.2
237
https://t.me/litlebey
https://steamcommunity.com/profiles/76561199472399815
-
profile_id
237
Extracted
redline
anydesk-usa2
89.163.146.82:25313
-
auth_value
e3c3767f7d9f3ac06dd9be67e6ea17c0
Targets
-
-
Target
e18d023806b2dae4cfae65f12e8a663caaa310eac3a9fb4d0efdcd0316fee55b
-
Size
336KB
-
MD5
f27b54a734087eac11f42be987965813
-
SHA1
6ee816527a79a1e82561810bf3b5c1e965e8180b
-
SHA256
e18d023806b2dae4cfae65f12e8a663caaa310eac3a9fb4d0efdcd0316fee55b
-
SHA512
e8d0a573cb7847a67cdab1725fcadc2bbf01a96370cab8ff48daa36ece4518e856716c4cbfff88d98da3663054bdf765f4e225ce53420260d462913ad24b7530
-
SSDEEP
6144:VkL/hR249u56rP+4EuM0c5HtQK/fu1d0cmTb:6FR2Qk6rPWuM0MtQKXu1f
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-