General

  • Target

    3b63463cff43564e61211b34942a4e1caff9fead3def8e27cc657335fc55abc8

  • Size

    5.6MB

  • Sample

    241110-y8a68svcqe

  • MD5

    a1ceb6cb6b1c7e2df66d00767adc46d6

  • SHA1

    b106138253d9d5baf55a06b546315ebe834ac13f

  • SHA256

    3b63463cff43564e61211b34942a4e1caff9fead3def8e27cc657335fc55abc8

  • SHA512

    46256f2070d5ce24e90ee1bb362b783912a8f28e2e17c638eb3245ad81cdb7f907b7c34e3527566d5f0debec2d76b3a771c10bec36823c382bde2c7170bde9c5

  • SSDEEP

    98304:AExixOAvshpURQo/1RoW8pedo00eFAAUgRkj9UWwIOgAR0VmgzgyhSov5WamWzBu:AEmOphSeoz8p8cgRkj9UWsfszgKd5Waa

Malware Config

Targets

    • Target

      Hypnoz Generator.exe

    • Size

      5.7MB

    • MD5

      61bf8c7f6d368f10fe841fed2d51bb46

    • SHA1

      6cc3b59948586329194743e2f984414bdef49477

    • SHA256

      f6abc86539aafb08e53c52674b929683ce5b21581c226d77795042e7e0bb1655

    • SHA512

      d5fec7094c3915abbbd90039c9a68ebac4b47498ffc65a24ed64267114d14de37a104ca4766599d337a494c53094a07088ee45df48543d28861d66c8f5c30c9b

    • SSDEEP

      98304:wx4HucwlTpqQfWLs7aGaOjmD/wBCeN1XEPDUnH10ViukqIkPCl23IL:wx4XoIvw7ha5oBCYOPDUH6Euo23IL

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Redline family

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Sectoprat family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks