General
-
Target
d89b0eeecf32a77eeb7d9250846bd6bf
-
Size
3.8MB
-
Sample
240320-ms95vafe5v
-
MD5
d89b0eeecf32a77eeb7d9250846bd6bf
-
SHA1
2d35943fed72076dcde8c498ded9c3fdc5846704
-
SHA256
0a705cda5473812a1378ce954f49447b236593f68e627293498db5bbb16c51cc
-
SHA512
256f80734190bd92d76a60a95d6e8764bf4aee9a8352b454b951f56ee3ef8262257c9e9bc0203ad387b3fda5736e345e9dfe62a5ccf99fec1f6cc43d8b0f641e
-
SSDEEP
98304:rM1s7HZVdBq/uZXgyTJDGZWfvYidrzQ3rl1:rMgH7rFb8Wf7ZW1
Malware Config
Extracted
redline
xxluchxx1
185.172.129.61:39278
Targets
-
-
Target
d89b0eeecf32a77eeb7d9250846bd6bf
-
Size
3.8MB
-
MD5
d89b0eeecf32a77eeb7d9250846bd6bf
-
SHA1
2d35943fed72076dcde8c498ded9c3fdc5846704
-
SHA256
0a705cda5473812a1378ce954f49447b236593f68e627293498db5bbb16c51cc
-
SHA512
256f80734190bd92d76a60a95d6e8764bf4aee9a8352b454b951f56ee3ef8262257c9e9bc0203ad387b3fda5736e345e9dfe62a5ccf99fec1f6cc43d8b0f641e
-
SSDEEP
98304:rM1s7HZVdBq/uZXgyTJDGZWfvYidrzQ3rl1:rMgH7rFb8Wf7ZW1
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-