General

  • Target

    5b607f814566590806500daf7c6e42f8

  • Size

    2.4MB

  • Sample

    240114-qw57vabafp

  • MD5

    5b607f814566590806500daf7c6e42f8

  • SHA1

    dc0d8c1b11071a2af1f126908d19485b46a1bd24

  • SHA256

    8d15fb33beefc75810f855ff44e0bf14ea6ada6cdab9371edfc479adcfed9a9d

  • SHA512

    a129846f19f31ad3048c6f54b67486b5fe63ffce72ca4aca16185bef2aa174989a8aa3c724f55a8892ec93dd010e92fbdee57d95a1b6997b017574f6a2645591

  • SSDEEP

    49152:YYGHCEyloc5dxe23pGpUJf+UohAs55PWdDxkKdPy7OzvV8E:YYCBooc3g25GpUJf+fSs55WRxJxjvf

Malware Config

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SectopRAT

      SectopRAT (also tracked as ArechClient2) is a .NET remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose ACPI tables whose OEM ID is VBOX__, which shows up as a subkey under HKLM\HARDWARE\ACPI\DSDT, FADT and RSDT; enumerating those keys is a common hypervisor check.

    • Checks BIOS information in registry

      BIOS information (typically SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) is often read in order to detect sandboxing environments, since hypervisor BIOS strings name the vendor.

    • Themida packer

      Detects Themida, an advanced Windows software protection system. Themida-protected code is encrypted and virtualised, so static analysis normally requires dumping the unpacked image from memory.

    • Checks whether UAC is enabled

      Reads the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; a value of 0 means UAC is disabled, which malware uses to decide whether an elevation bypass is needed.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events to an attached debugger, a well-known anti-debugging technique.
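
As an added example (not code from the report or from the sample it describes), the following Python audit lets an analyst run the registry-based checks behind the VirtualBox ACPI, BIOS and UAC signatures above against their own analysis VM and see which would fire. The key paths are the well-known locations these checks read; the hypervisor marker list and the embedded snapshot are constructed assumptions, not data taken from the sample.

```python
"""
Audit a Windows host for the registry artefacts behind the report's
anti-VM and UAC signatures (VirtualBox ACPI table names, BIOS strings, EnableLUA).

Added example, not code from the report or from the sample it describes.
The key paths are the well-known locations these checks read; the VM marker
strings are an assumption about what a typical anti-analysis routine matches.
"""
import sys

# Values commonly read by BIOS/UAC checks, relative to HKEY_LOCAL_MACHINE.
REG_VALUES = {
    r"HARDWARE\DESCRIPTION\System": ["SystemBiosVersion", "VideoBiosVersion"],
    r"HARDWARE\DESCRIPTION\System\BIOS": ["SystemManufacturer", "SystemProductName"],
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System": ["EnableLUA"],
}
# ACPI table keys; each subkey name is the table's OEM ID (VBOX__ on VirtualBox).
ACPI_TABLE_KEYS = [r"HARDWARE\ACPI\DSDT", r"HARDWARE\ACPI\FADT", r"HARDWARE\ACPI\RSDT"]
# Assumed hypervisor markers (lower-case substrings).
VM_MARKERS = ("vbox", "virtualbox", "innotek", "vmware", "qemu", "bochs")


def evaluate(values, acpi_subkeys):
    """Apply the checks to a snapshot.

    values:       {(key_path, value_name): value}  (str, int or REG_MULTI_SZ list)
    acpi_subkeys: {key_path: [subkey names]}
    Returns a list of (indicator, detail) pairs an anti-analysis check would fire on.
    """
    findings = []
    for key in ACPI_TABLE_KEYS:
        for sub in acpi_subkeys.get(key, []):
            if any(m in sub.lower() for m in VM_MARKERS):
                findings.append(("virtualbox_acpi", f"{key}\\{sub}"))
    for (key, name), val in values.items():
        if name == "EnableLUA":
            if val == 0:
                findings.append(("uac_disabled", f"{key}\\{name}={val}"))
            continue
        text = " ".join(val) if isinstance(val, list) else str(val)
        if any(m in text.lower() for m in VM_MARKERS):
            findings.append(("bios_vm_string", f"{key}\\{name}={text}"))
    return findings


def collect_live():
    """Read the same keys from the running host. Returns empty snapshots off Windows."""
    values, acpi = {}, {}
    if sys.platform != "win32":
        return values, acpi
    import winreg  # only importable on Windows
    for key, names in REG_VALUES.items():
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as h:
                for name in names:
                    try:
                        values[(key, name)] = winreg.QueryValueEx(h, name)[0]
                    except OSError:
                        pass  # value absent
        except OSError:
            pass  # key absent
    for key in ACPI_TABLE_KEYS:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as h:
                i = 0
                while True:
                    try:
                        acpi.setdefault(key, []).append(winreg.EnumKey(h, i))
                    except OSError:
                        break  # no more subkeys
                    i += 1
        except OSError:
            pass
    return values, acpi


# Constructed snapshot of an unhardened VirtualBox guest with UAC turned off
# (not captured from a real machine; values mirror VirtualBox defaults).
SAMPLE_VALUES = {
    (r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion"): ["VBOX   - 1"],
    (r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion"): ["Oracle VM VirtualBox Version 7.0.0"],
    (r"HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"): "innotek GmbH",
    (r"HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName"): "VirtualBox",
    (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "EnableLUA"): 0,
}
SAMPLE_ACPI = {key: ["VBOX__"] for key in ACPI_TABLE_KEYS}

if __name__ == "__main__":
    live_values, live_acpi = collect_live()
    snapshot = (live_values, live_acpi) if live_values else (SAMPLE_VALUES, SAMPLE_ACPI)
    for indicator, detail in evaluate(*snapshot):
        print(f"{indicator:16} {detail}")
```

On a Windows analysis VM the script reads the live registry; elsewhere it falls back to the constructed snapshot, which trips every check. A sandbox that has been hardened (ACPI OEM IDs and BIOS strings patched, UAC left on) should produce no findings.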

MITRE ATT&CK Enterprise v15

Tasks