redline | 9df2f1f389119479fd7685350f70f2da11f541b79d1571fc51b67f3d183821c1

General

Target

by RyoX [GoodyExpl0its].rar
Size

5.1MB
Sample

240526-e3zg4aff73
MD5

dd2e5d9d53d73af35360869d9181e546
SHA1

54370b8941a6011b29aa4997fb44e435d2494f5d
SHA256

9df2f1f389119479fd7685350f70f2da11f541b79d1571fc51b67f3d183821c1
SHA512

37ffae2951429fe77c13a2acc1ba7f0e223ba683acd0031a6f7596fcaac8e31cfae282265f29d46a878d3d8f8f2b4865eee0fc611dd6055c9ad144c88675696a
SSDEEP

98304:yZS6y2zo/lQYUnplsTUjdBSdwS7atG2qfUNLKmNlGtF2qHAVxMmajCE0E:AST2EtHUnpHdodwS7X2qxYGtF2qgVWTf

Score

10^/10

Malware Config

Targets

- Target
  
  Avrora.exe
- Size
  
  4.7MB
- MD5
  
  15f90922fa11ba75c875688b66f104ba
- SHA1
  
  9db2d852aca4a3336e93ea9c1d79f8008484fb2e
- SHA256
  
  7b6fe3ae7047cd64cdcffeda0ee07efff41fb5a503862ddb0d330a5c99995dc8
- SHA512
  
  291f2ddf503cd1bcdec2c106ec71050459cbc0fc14fca63cc691b2f73d79e3921426be7bdc0822a632f17271fa0d14e970ebb178d9c5bb5aa09696576d092b1c
- SSDEEP
  
  98304:fLdfYRkV/KjZ1DNSR5EfrshLhCoMsaIO9YBxPeJ2wHMhY6S30xc:fx1V/KjvhSRCTjoMsHxeJ2ws+63xc
Score

9^/10

discovery evasion spyware stealer themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  scripts/cef_100_percent.pak
- Size
  
  621KB
- MD5
  
  02b2f9be36ad29156dd5a48e96de00f2
- SHA1
  
  5a2477402c5f704190f931aaae40c54248dfb867
- SHA256
  
  a1c2a5836896ef29dd8292bc38884e3473be58c51267d9d9db041ddabdfd4913
- SHA512
  
  3a837f3196881c5e2d25f1972e697aabee5952d7d48924c607035e01f92bae105757ec3ed0211b5e3b4e018afd126a31afdd30e34af1a3467e816d84b2e9e89f
- SSDEEP
  
  6144:3WxN1ImMsoHgs4jTlO5bPQmdcS7jQYVY+/ovYrbxIoaZoboRH2QXJ:3gMjgs4jTk5PdLky/ov8Ba3N3
Score

3^/10

execution
behavioral2
- Target
  
  scripts/cef_200_percent.pak
- Size
  
  672KB
- MD5
  
  47f7642817e81cfa95a2d39744a8b5e7
- SHA1
  
  d7d6b1b55d7f55bf5e045358155e159cb7db3721
- SHA256
  
  9441a4a3515d440db938241727f96e3256902463f2f61db0c26fbcadb56f93cb
- SHA512
  
  54b661d546d9196b70aedc36fc9751b0241c6309263035e58fcc7b9b90f2d18793fda44936fdd679d9f6948739f592fc749f7b76349b2dd82863c7bf73fbb945
- SSDEEP
  
  6144:OWxN1ImMsoHgs4jTlO5bPQmdcS7jQYVY+/ovYrbxIoaZoboRH2QXJ:OgMjgs4jTk5PdLky/ov8Ba3N3
Score

3^/10

execution
behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Targets

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Reads user/profile data of web browsers

Themida packer

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3