General
Target: 19e68852c211ebf0cee8dd310f5d191b50e0eae8e32c20d8be8a84afb795e980.exe
Size: 784KB
Sample: 210624-s8xy6bxh3a
MD5: fcff182cb8fed42e720a19ed5b997e5a
SHA1: 73f95a618c8659acf1ca63bdc9fdf24f72cb27be
SHA256: 19e68852c211ebf0cee8dd310f5d191b50e0eae8e32c20d8be8a84afb795e980
SHA512: b0d74845b3020a547347ef2a11a26a6512a50cf56da54d2fec602661bf7edfde33c09457e7a049c66b035a3b765dc48ddebfc9a89c0f43d572f9779c1be15404
Static task: static1
Behavioral task: behavioral1
Sample: 19e68852c211ebf0cee8dd310f5d191b50e0eae8e32c20d8be8a84afb795e980.exe
Resource: win7v20210410
Malware Config
Extracted: redline
111111322
verecalina.xyz:80
Extracted: vidar
39.4
909
https://sergeevih43.tumblr.com
profile_id: 909
Targets
Target: 19e68852c211ebf0cee8dd310f5d191b50e0eae8e32c20d8be8a84afb795e980.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext