General
Target: NordVPN Checker by xRisky v2.rar
Size: 3.1MB
Sample: 230311-bxfk9ahh21
MD5: a5c29a79c38c213a4cc9194bbc09065a
SHA1: 377e54ed0a1f2f166142f2a38ea3ba35ff469d82
SHA256: 671c37266d8edfe445ac284ba2b1f1131cf314130a3cdc2f791ac1b965ed4ca8
SHA512: ca977a49a49c9dea82026ad0bd6528e5b3f58bf35acd38ac3dd904e2e2972b4099f5df82188242fb0da5566ed585d301c27b2366dfe0499ada24c0c64c166aba
SSDEEP: 98304:XYu2NFa2UIBGA+Y3JtcZRfKOjEtdhkENsjoPn:XYu2NFKIBGA+uORltj2
Static task: static1
Behavioral task: behavioral1
  Sample: NordVPN Checker by xRisky v2/NordVPN Checker by xRisky v2/NordVPN Checker by xRisky v2.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: NordVPN Checker by xRisky v2/NordVPN Checker by xRisky v2/NordVPN Checker by xRisky v2.exe
  Resource: win10v2004-20230220-en
Malware Config
Targets
Target: NordVPN Checker by xRisky v2/NordVPN Checker by xRisky v2/NordVPN Checker by xRisky v2.exe
Size: 3.6MB
MD5: 9df94731f9ac86b4f1402c15b84a3578
SHA1: 5159c2b5714f441620e28ead76b1c0660c7e124c
SHA256: dd4fc338c35dba00d865ebf26c18f892f321bc2e77564109e389ea01eaf77fd0
SHA512: c3e6cc529f811d36c79c001b42d283984bda9da42242ea63b118ac546a561f301f72c43fcb46bed7a16470d2eb08744009ea23e80f24b544dca3d7dbb448f2c1
SSDEEP: 49152:KsxJtIT8zzAiAua9pByJcjCI1imWYVBqSLIaisl0ilx5MVuCzFIFIuRZ97F:BxJG9GemI1i8kkCnFI
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.