General
-
Target
c1f4204697908a155a89bd2237d4ded480cfa78afbb555b02ae53a1badd9e8f0
-
Size
3.2MB
-
Sample
241108-meh47s1bne
-
MD5
b5e4e3939b9dd07cb9af9b2207d4333f
-
SHA1
7dcacad5844326620bda2b4156cf673691bda9f5
-
SHA256
c1f4204697908a155a89bd2237d4ded480cfa78afbb555b02ae53a1badd9e8f0
-
SHA512
e9d235663963f2dda6a6e9c6081f4a99555bcd7234cd32c45571282d7c8dcc2eb0e8e0ceaf28ef0abf6cfa01dfb11bb52ab8a7e981e6ce1973b1466b8664fd1b
-
SSDEEP
49152:9TZu5JrF82uv3/A6UcAblqJY7PYi53iPwaDGIM6VjNo47jNeB5kh/EtSB0bSZa4N:9TM5hFm/9aZFEYaDC/uPBASw4DP4I
Static task
static1
Behavioral task
behavioral1
Sample
setup/AISetup-Crack.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
setup/AISetup-Crack.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
setup/Pre-Activated-Setup.exe
Resource
win7-20240708-en
Malware Config
Extracted
redline
leo5
cenyeyalory.xyz:80
kaiaiannial.xyz:80
viasanainah.xyz:80
xtelstasiup.xyz:80
-
auth_value
be820120fdc25e4fee4cd33b669b3e2c
Extracted
vidar
52.1
1281
https://t.me/verstappenf1r
https://climatejustice.social/@ronxik312
-
profile_id
1281
Targets
-
-
Target
setup/AISetup-Crack.exe
-
Size
346.0MB
-
MD5
5caa09b3a7089d4ec3ab263af0041826
-
SHA1
40bafeae4244b17f5bbd42b1863fe8ba83d6e6f3
-
SHA256
73487ed92e7cc9a0017dc27784a2a48d5d6ede2d76fb3190ab69cdd402d23ab1
-
SHA512
a49206f66d08b593f0546436e4a83ecebc21d7a8e0a4809075f4ca72513232063b75b4412cd9ebab00e185979e3914c048936de2a37cffa65531a44b8f0eb8e7
-
SSDEEP
98304:pO/naJsbWq0YTrHXGy0fMu6c5A7lfvF6s0:IaGqHYTrHWHDA7JF6
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Suspicious use of SetThreadContext
-
-
-
Target
setup/Pre-Activated-Setup.exe
-
Size
353.8MB
-
MD5
e49a9126069d2e7c26159b2bdc38e822
-
SHA1
97a3494ac4065d149a7c7426ce93bd73ab223af4
-
SHA256
c060daa79346e21d4f577b035b44b0d391bcfc2d20edea54ca3543ea8f568db8
-
SHA512
f16f0c03932ac35b0705216e1ffdb8aa43d77f721d6d8b4b2352341aee23b96b19c80cc771a02d9eb01a980a25fb6377b64eae59c0903b62f27b2d0514ba45b5
-
SSDEEP
49152:TvX6WTfpYz2wZEEOva4EwL7XlFuh/NmEJGxwnXCprcMRMfM9uGJ:T/AzbEEwd/V8h/4wMKQB
-
Vidar family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Vidar Stealer
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-