General
-
Target
WondershareFilmora.zip
-
Size
5.8MB
-
Sample
230312-yljj4afb86
-
MD5
5b565ec444341f370928359055b6a9f9
-
SHA1
9be563edc7b801819a5ddb83a44dc1b8ca2d3003
-
SHA256
7bae85a81ad728fc5fd89075eef72e66c503061d872298f283306aac95442793
-
SHA512
52ab4da5111eb13043bb6c59253c52bfe311230ae5ea03e3f3ac4a0e2c973897e0ca0fb7596c392a4089b4080c031e9cb873be2d6ec112a62567ff105fdc6b28
-
SSDEEP
98304:nki/JpNxT76wiOtP1g74I/R2svxt+iR/VI8pBuVk1emXIIEK1afDXK6:nlrNF6+M2svVXu8jKK1iDXj
Malware Config
Extracted
redline
ddd
5.252.22.216:40220
-
auth_value
b8c2ccb8057af06ccf5e18d13669cd81
Targets
-
-
Target
WondershareFilmora.exe
-
Size
1024.0MB
-
MD5
330f63db8aed56890ea5306cacc5a27b
-
SHA1
a380528f6a29e2283711e6cf57caeb79d141eed4
-
SHA256
9c422b904a9bd1cf989b509aca77b12dd66da9eb691c080a4ec31d97288b8c6b
-
SHA512
96729ca81a925e0293e33da90577a17fd5b9c07916602337fdd49b060e991be9253163f990ef103e33675d648ed460e7bb47c7191c9b8d73cfca0af3c83d423c
-
SSDEEP
98304:yQ0HJ3W3Lqr6XiECc8PgRjqQ5dHexH6uIkhk4ZKEd:yQ0HJ3W7quyDLYIQqt2/4ZKEd
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-