General

  • Target

    5abf9ae3e99d972d17aaacd7a94d46ce

  • Size

    5.1MB

  • Sample

    240114-j65whaehdm

  • MD5

    5abf9ae3e99d972d17aaacd7a94d46ce

  • SHA1

    2d0d67b5815d2e7e81600d67c3b00536f3d9e3e9

  • SHA256

    30d8b08625d38bfb5eaaf59a69135b2816e8efd9b6492bc901bd43696156705d

  • SHA512

    39b53c5df98a367a1bb7d51e9447d99b9d85c4e7154dc0ae9078a925b88af09c1050f0e6bea4ac59768ee397d2fb1c6d0b758bcdaf5a83f81518d928b48594b6

  • SSDEEP

    98304:W6x0SCoPyYXLz/EylRTvg1EUj3jrz2+2I17Jdt1jL8boTtG8:nPEcz/EeRTvg1EUjTr6zE9dt98kTL

Malware Config

Targets

    • Target

      5abf9ae3e99d972d17aaacd7a94d46ce

    • Size

      5.1MB

    • MD5

      5abf9ae3e99d972d17aaacd7a94d46ce

    • SHA1

      2d0d67b5815d2e7e81600d67c3b00536f3d9e3e9

    • SHA256

      30d8b08625d38bfb5eaaf59a69135b2816e8efd9b6492bc901bd43696156705d

    • SHA512

      39b53c5df98a367a1bb7d51e9447d99b9d85c4e7154dc0ae9078a925b88af09c1050f0e6bea4ac59768ee397d2fb1c6d0b758bcdaf5a83f81518d928b48594b6

    • SSDEEP

      98304:W6x0SCoPyYXLz/EylRTvg1EUj3jrz2+2I17Jdt1jL8boTtG8:nPEcz/EeRTvg1EUjTr6zE9dt98kTL

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks