General
-
Target
fdb5b2a0041b0939552ecd31e382e28529313c8bc8a656eb7de1cef9fbd6eee9
-
Size
7.3MB
-
Sample
240525-24q9faee93
-
MD5
5c95d5493dda877b228a6485a6d40d9c
-
SHA1
185482dabc06787f6ce14c6cd46c17372a1b77ae
-
SHA256
fdb5b2a0041b0939552ecd31e382e28529313c8bc8a656eb7de1cef9fbd6eee9
-
SHA512
05334c39be051eb33c0ad4787cd8d56a1386115bf809f2ec44088f719ab5bf3caf8e7a4539cb5d10b60bc5452b98d01656332b7e5c608038aeae73bd88b16e24
-
SSDEEP
196608:0qw9h20Qu0lFIutULgNr8cQ6P/qrFfDG2HD14LDsYu67ReBR:w2FIutULgS7rlDvDSI6cz
Malware Config
Targets
-
-
Target
fdb5b2a0041b0939552ecd31e382e28529313c8bc8a656eb7de1cef9fbd6eee9
-
Size
7.3MB
-
MD5
5c95d5493dda877b228a6485a6d40d9c
-
SHA1
185482dabc06787f6ce14c6cd46c17372a1b77ae
-
SHA256
fdb5b2a0041b0939552ecd31e382e28529313c8bc8a656eb7de1cef9fbd6eee9
-
SHA512
05334c39be051eb33c0ad4787cd8d56a1386115bf809f2ec44088f719ab5bf3caf8e7a4539cb5d10b60bc5452b98d01656332b7e5c608038aeae73bd88b16e24
-
SSDEEP
196608:0qw9h20Qu0lFIutULgNr8cQ6P/qrFfDG2HD14LDsYu67ReBR:w2FIutULgS7rlDvDSI6cz
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-