Extracted

Extracted

Extracted

• • Target

    56a70e6ce9219a9e6ada4a67fdf3cb527a6d5c7d581c3a67fffe98cfd3bcfe59

  • Size

    326KB

  • MD5

    4262ddcb1740fb47bdecdf49eecf1259

  • SHA1

    515ea8f477c66ef302f1e3c67d752b14a3b8afd9

  • SHA256

    56a70e6ce9219a9e6ada4a67fdf3cb527a6d5c7d581c3a67fffe98cfd3bcfe59

  • SHA512

    7c5b2fc30eec8f45210823b02203a176982f5deb44cb7ca8779ec0b6424bff0cc16ab1e3ea07ac1d9f36095774d72518e429cebb14e7d786f77b118c42305492

  • SSDEEP

    3072:kJdg12IlEz/He1Wa26RhP/6y7egVgFQLk9xthuZGt2yORh3kVyX7RKkEjZo:j2IGYT22kvgVgvthAGBCyC21

  Score

  10^/10

  redlinesmokeloaderlogsdiller cloud (telegram: @logsdillabot)sprgbackdoordiscoveryevasioninfostealerspywarestealerthemidatrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Downloads MZ/PE file

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1