General
Target: 3c9ce581ee50de2ca3ad5f73b5666424
Size: 9.7MB
Sample: 210726-yg8c8eeqej
MD5: 3c9ce581ee50de2ca3ad5f73b5666424
SHA1: 7fb5c8773210dd2f4c3ad1c32c94ae49fc5b0fe4
SHA256: bf0b6e7c79d0507e85ebad255973e90fa1ee1b6ae2eb408c4866aeb9322a9e5c
SHA512: d87edc4966ff0b7629842437b71305d0d79b5fe32a999204ddf33ce20973ebbca5c3e7156911075310b26ab158bbc956b77b4c589ecf8e02c53e6417118857be
Static task: static1
Behavioral task: behavioral1
  Sample: 3c9ce581ee50de2ca3ad5f73b5666424.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 3c9ce581ee50de2ca3ad5f73b5666424.exe
  Resource: win10v20210410
Malware Config
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger