General
-
Target
7c28aadc867aeb7d588f81a6a1ac43c4
-
Size
2.0MB
-
Sample
240128-e47j4adacm
-
MD5
7c28aadc867aeb7d588f81a6a1ac43c4
-
SHA1
5db61053e31711eb93f4e121f9e36abcf9e978e5
-
SHA256
a4444b62a202d6a11811a396e203f4aaadf46e5dd14c185904a2d51e06923360
-
SHA512
2f8531b5f64a1bd4bfb370227c2db3b5b58cc29c502a76b5983a09067c6939d661850a3b71d55194ed72f76280eca1a467f3a34e3918bdfcf3a205a96ee44cc8
-
SSDEEP
49152:evU0GLV0JiLv9GvjUfUH9VR4J1k3so+m8HPu/:elqV0JiLv9oHzdsR9H2
Behavioral task
behavioral1
Sample
7c28aadc867aeb7d588f81a6a1ac43c4.exe
Resource
win7-20231215-en
Malware Config
Targets
-
Target
7c28aadc867aeb7d588f81a6a1ac43c4
-
RedLine
RedLine Stealer is a commodity information stealer written in C#, first seen in early 2020 and sold as malware-as-a-service; it harvests browser credentials, cookies, autofill data and cryptocurrency wallet files from the infected host.
-
SectopRAT payload
SectopRAT (also tracked as ArechClient2) is a .NET remote access trojan; its presence here means the sample carries a second-stage RAT in addition to the stealer.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox guests expose ACPI tables with the OEM ID VBOX__ under HKLM\HARDWARE\ACPI\DSDT, FADT and RSDT; opening those keys is a well-known VirtualBox detection check.
-
Checks BIOS information in registry
BIOS strings such as SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System are often read to detect hypervisors and sandboxes, because on virtual machines they typically contain vendor markers such as VBOX or VMware.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the debugger from receiving events for that thread, so breakpoints or single-steps placed in it crash the process instead of being reported; this is a classic anti-debugging technique.
-
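The three anti-analysis signatures above can be recovered from an API/registry trace with simple rules. The following is an added example, not code from the sandbox or the report: it maps constructed trace events (one per line, in an assumed "api | argument" format) to the VirtualBox ACPI check, the BIOS registry check and the ThreadHideFromDebugger call.

```python
"""Map sandbox trace events to the anti-VM / anti-debug signatures above.

Added illustration, not part of the sandbox report. The trace format
("<api> | <argument>", one event per line) and the sample events are
constructed assumptions for this example.
"""
import re
from typing import Dict, List, Optional, Tuple

# THREADINFOCLASS value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# ACPI tables that a VirtualBox guest exposes with the OEM ID VBOX__.
VBOX_ACPI_RE = re.compile(r"HARDWARE\\ACPI\\(?:DSDT|FADT|RSDT)\\VBOX__", re.I)

# BIOS description key and the values usually read to fingerprint a hypervisor.
BIOS_RE = re.compile(
    r"HARDWARE\\DESCRIPTION\\System"
    r"(?:\\BIOS$|\\BIOS\\\w+|\\(?:SystemBiosVersion|SystemBiosDate|VideoBiosVersion|VideoBiosDate))",
    re.I,
)

SIG_VBOX_ACPI = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_BIOS = "Checks BIOS information in registry"
SIG_HIDE_THREAD = "Suspicious use of NtSetInformationThreadHideFromDebugger"

REGISTRY_APIS = ("regopenkey", "regqueryvalue", "ntopenkey", "ntqueryvaluekey")


def classify_event(api: str, arg: str) -> Optional[str]:
    """Return the signature name an event triggers, or None."""
    api_l = api.lower()
    if api_l.startswith(REGISTRY_APIS):
        if VBOX_ACPI_RE.search(arg):
            return SIG_VBOX_ACPI
        if BIOS_RE.search(arg):
            return SIG_BIOS
    if api_l == "ntsetinformationthread":
        # Only the ThreadHideFromDebugger class is suspicious; other classes are routine.
        m = re.search(r"ThreadInformationClass=(0x[0-9a-f]+|\d+)", arg, re.I)
        if m and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
            return SIG_HIDE_THREAD
    return None


def parse_line(line: str) -> Tuple[str, str]:
    api, _, arg = line.partition("|")
    return api.strip(), arg.strip()


def match_signatures(trace: str) -> Dict[str, List[str]]:
    """Group trace lines by the signature they trigger (comments and blanks skipped)."""
    hits: Dict[str, List[str]] = {}
    for raw in trace.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        sig = classify_event(*parse_line(line))
        if sig:
            hits.setdefault(sig, []).append(line)
    return hits


# Constructed sample trace (assumed format; not the report's actual trace).
SAMPLE_TRACE = r"""
# api | argument
NtOpenKey | HKLM\HARDWARE\ACPI\DSDT\VBOX__
RegOpenKeyExW | HKLM\HARDWARE\ACPI\FADT\VBOX__
NtQueryValueKey | HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
RegQueryValueExW | HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
NtSetInformationThread | ThreadInformationClass=0x11 ThreadInformation=NULL Length=0
NtSetInformationThread | ThreadInformationClass=0x0 ThreadInformation=... Length=8
CreateFileW | C:\Users\victim\AppData\Local\Temp\out.tmp
"""

if __name__ == "__main__":
    for sig, events in match_signatures(SAMPLE_TRACE).items():
        print(f"{sig}: {len(events)} event(s)")
        for ev in events:
            print("   ", ev)
```

The rules deliberately key on the API family as well as the argument: a path containing VBOX__ passed to CreateFileW is not the ACPI registry check, and NtSetInformationThread with any class other than 0x11 is ordinary thread management.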