General
-
Target
4ddc2f20b7d416d6fbf18cf208941e0b
-
Size
1.9MB
-
Sample
240109-kk796scaap
-
MD5
4ddc2f20b7d416d6fbf18cf208941e0b
-
SHA1
cc0b051c6f4ffa5148fb1df1c23011e87e98d69e
-
SHA256
61b12ec568d18ab0455fb7789b2482ffa34b52de83ead564ac1e6ef6fab5d816
-
SHA512
5808cb0fcbe5acd4daa8b31c1fe566734f0ec9af7ce90a7fe166ddf2039517b79da049947f7830e4a8ae00e560dedc2b729fff826eb1786fe256b6b00194f2f2
-
SSDEEP
49152:aA5wY0YhVWfDfoZLiZ9ZxXSv+eEq9Pb8SiSQAaRpXZ:vwrYmfcLiPZxtq9D8b3XZ
Malware Config
Extracted
redline
H
65.21.103.71:56458
Targets
-
-
Target
4ddc2f20b7d416d6fbf18cf208941e0b
-
Size
1.9MB
-
MD5
4ddc2f20b7d416d6fbf18cf208941e0b
-
SHA1
cc0b051c6f4ffa5148fb1df1c23011e87e98d69e
-
SHA256
61b12ec568d18ab0455fb7789b2482ffa34b52de83ead564ac1e6ef6fab5d816
-
SHA512
5808cb0fcbe5acd4daa8b31c1fe566734f0ec9af7ce90a7fe166ddf2039517b79da049947f7830e4a8ae00e560dedc2b729fff826eb1786fe256b6b00194f2f2
-
SSDEEP
49152:aA5wY0YhVWfDfoZLiZ9ZxXSv+eEq9Pb8SiSQAaRpXZ:vwrYmfcLiPZxtq9D8b3XZ
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-