General
Target: 49b40e0275ae86804cec39f17fc3ca304b2bb34bb7fbec8250b806e5db8b05f4
Size: 4.3MB
Sample: 231127-fhspgsec9z
MD5: 7873496804896ac27f7fe2e2d74f8038
SHA1: 661b2db3bdca4432b054f193c963ae9df9c3a056
SHA256: 49b40e0275ae86804cec39f17fc3ca304b2bb34bb7fbec8250b806e5db8b05f4
SHA512: 4429bc6b9e9aa6710391abc44558bfe40a1bd4a8c706481e0a6c6ca94aad162daae7a60b8321678716d5f8befbfa639b2e5f262c7452c5b1fe21cc60db1e107b
SSDEEP: 98304:i+FtoG6jiNY7TRqLbWgymbJtucIqpRM5U/q2sU9SR:i+A4STRolymOctASC219M
Behavioral task: behavioral1
Sample: 49b40e0275ae86804cec39f17fc3ca304b2bb34bb7fbec8250b806e5db8b05f4.exe
Resource: win7-20231023-en
Malware Config
Targets
Target: 49b40e0275ae86804cec39f17fc3ca304b2bb34bb7fbec8250b806e5db8b05f4 (4.3MB; same file and hashes as listed under General above)
Score: 10/10
Signatures:
- Detects DLL dropped by Raspberry Robin. (Raspberry Robin)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger