erbium

General

Target

ca0700ba32dd61848083ffc9646560e30c419a9bc0357c89ac0a79925fbe1d94
Size

11.9MB
Sample

241110-vt4cpa1gqa
MD5

1a82be2157bcbbb33adbd1eea25abbc1
SHA1

71a7bd61ca99b1cf74a471823bba6ed5a5c13eb2
SHA256

ca0700ba32dd61848083ffc9646560e30c419a9bc0357c89ac0a79925fbe1d94
SHA512

b27f4ebba9e993e577593539d24b69476c99c8b2b186da1cfb62b5c460adc708d60846d88a988818b767400b0a5c7ccac222182c916c52a40048777ede5e6409
SSDEEP

196608:Co2o5A600jQHK+6MWtHffqkjFUM6HkmEsr+A0shv:Co23+jQHgMWtLeM6EmEsr+Vshv

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

1086881322_99

C2

doshirak.top:3306

doshirak.top:28786

Attributes

auth_value
c7b4b3ad5c912786e8dea8b34a307b0d

Extracted

Family

erbium

C2

77.73.133.53

Targets

- Target
  
  exe/2323.exe
- Size
  
  709.8MB
- MD5
  
  fb65c262528331c307ba8850ff98a70e
- SHA1
  
  0e1bf40f62f266210fb9f607375634af0a9a9108
- SHA256
  
  b46746c3d567847a9c0bcfb856ed9d1bc2c6c21377dce08f0b67d1260bdbbb2c
- SHA512
  
  fd3699e3db910d2164e34f5579a77b6bbe436a712d2ed6f01242ceb27c08b1986612fa3949cc6b3b3c45fbb45d1e7735df39c83de8d5cd337d32862241d9270e
- SSDEEP
  
  3072:gj7kvws1y+IW9xdlmg1vjsZn/nw12LGben3ZvA9Af/i+9PaUtwef2ZpA:Q7kvw5+F9Dl5vjsBvwoLGytA94UA
Score

10^/10

redline 1086881322_99 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  exe/FIImora_FuII.exe
- Size
  
  311.3MB
- MD5
  
  f9bdc70dc4134ac051f52d6898f74fbf
- SHA1
  
  d7744bccdde5bf3d5134a85c858a6b3896ea0cac
- SHA256
  
  fa80a704adb4dbb67d23e55b08aa428c0bebe881e478aa997ca42f817d778e89
- SHA512
  
  6a7e45b661394fd7abf24031670d12b1550c114de1c0eaa8679be6afc2a0139d10307e0b23426b7031032740f89875242c67cb07c4787de1d33bb2289b387fc1
- SSDEEP
  
  3072:gj7kvws1y+IW9xdlmg1vjsZn/nw12LGben3ZvA9Af/i+9PaUtwef2ZpA:Q7kvw5+F9Dl5vjsBvwoLGytA94UA
Score

10^/10

redline 1086881322_99 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  exe/fakehack.exe
- Size
  
  2.9MB
- MD5
  
  3b96efee02ac3bca2d195b230efc0d85
- SHA1
  
  5a2ee976f377c59cba519ac6a81ac13c43f3ea3d
- SHA256
  
  04e70fcec6839e00cfe5b4d34f44d97a17385a61d63dd2416ad1141c30cd5dfe
- SHA512
  
  3bec8bf57dd99d0a31d720f14e61bc33d9c0f77ee65ccf040eb2bfbc9ff312b2d7354b9c358fa618d93ae39a3059543d4d5e36441523afaa3e96a9897a72fe54
- SSDEEP
  
  49152:PC8iliyOZRp+jqdichvEo8SfspRxHHRJDx76f4oIiburazgz/KMiNERpzWy2N:P/L/+jWichcIfsti4Q4Ug7LiNGph2N
Score

10^/10

erbium discovery evasion stealer themida trojan
- Erbium
  Erbium is an infostealer written in C++ and first seen in July 2022.
  stealer erbium
- Erbium family
  erbium
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6