General
-
Target
PRODUCTLIST.exe
-
Size
1.7MB
-
Sample
241124-mytp2sslhl
-
MD5
a9b805862ccee6848ce91ef51a31f71d
-
SHA1
4ca749b30f879945324811f5924996765aa7d2e4
-
SHA256
9bdef064f9693bbae4a073b09a795c7b27e7486c10b3c7d920019ca3729bb434
-
SHA512
94b6cc887127129a3b51dd68b8d29e417a70e7538668f5bfb4d5e1769d74e2ce44dcef9f36ab6021e04fb1e78f710bcc859163e064d91793e5a3b756fe067d97
-
SSDEEP
24576:DRhMoSwfXo0P9Ej+zE2bb1SfyeeYF2yjfLV/JFzQXYiU4L/E/pWWG8WHHSx44s8/:DgNwfevYoaTerPtsYikWWG8GJ88Y6eb
Behavioral task
behavioral1
Sample
PRODUCTLIST.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
PRODUCTLIST.exe
-
Size
1.7MB
-
MD5
a9b805862ccee6848ce91ef51a31f71d
-
SHA1
4ca749b30f879945324811f5924996765aa7d2e4
-
SHA256
9bdef064f9693bbae4a073b09a795c7b27e7486c10b3c7d920019ca3729bb434
-
SHA512
94b6cc887127129a3b51dd68b8d29e417a70e7538668f5bfb4d5e1769d74e2ce44dcef9f36ab6021e04fb1e78f710bcc859163e064d91793e5a3b756fe067d97
-
SSDEEP
24576:DRhMoSwfXo0P9Ej+zE2bb1SfyeeYF2yjfLV/JFzQXYiU4L/E/pWWG8WHHSx44s8/:DgNwfevYoaTerPtsYikWWG8GJ88Y6eb
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Redline family
-
SectopRAT payload
-
Sectoprat family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1