General
Target: VMX-Spoofer.rar
Size: 3.4MB
Sample: 240803-a3k79axbpl
MD5: a559dc48f81d4f3b3c20419c602931de
SHA1: 52dfbc1d111d5b4d72d2b71fcbed6e6dbe19e68c
SHA256: a8273705002785a0db17525650ef59ad3ddf6b475ac9475a7a8d00f3893e9adf
SHA512: ef95d73fdd84d2d9c9a416c9272a221f271d094674a86e35a124b7caa92ccd442bab7385faa10bd81487714013c69bbd22aec61e0f1393121deeb3585308bdf4
SSDEEP: 98304:Qu3Z9Y8Fugxop2a7GL94r/SWBl2w4abllQwqva:QuIjF7g94rxSw4ab1qva
Behavioral task
behavioral1
Sample: VMXSPF/VMXSPF.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: VMXSPF/VMXSPF.exe
Size: 3.5MB
MD5: 39bf6ccd737cc9c0c3801fc3b3455441
SHA1: 7a51f28bbb4da653119fb0fa1679ef67b906e5f1
SHA256: e1a7972f5375eeb34a3f3a4d1177704ed211044c9e24e4ac601f582ce47f10a1
SHA512: 98b5b88440e8acfcf57d2cdba686ad4848a0a6140dbfed6d1ba69a4ef0fbe9b8e6e96fd767fa3b3997ebbef00df68c7c26ec40d45ab23c185c51f06926c62aec
SSDEEP: 98304:9JyDACLJdRIAGM9wqp4cOPs3fH0MtZ/1X:raACLJdvGMGcgUfUyZ
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- SectopRAT payload
- Credentials from Password Stores: Credentials from Web Browsers: malicious access to, or copying of, the web browser credential store.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Matrix (ATT&CK v13)
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (2)
Credentials In Files (2)