General
- Target: FL Studia.exe
- Size: 1.5MB
- Sample: 211030-w9a7hsfbh6
- MD5: 865634b3f6cb4d2ac3dafbbd88085511
- SHA1: 5f9882d70100ed1b5fd7281bc6cbb1026591f83e
- SHA256: 3e6ecd9dc9ec4d42be5fdca7c55931fa9f835f3f634ee9f707ed7b1a102e9f7d
- SHA512: 8dff199ebf486bdac97ac760bf557a84e84dff631d57f627ade2bddbe76dd145d5d4014506a5f1944ccd6ba58b309a2c24845adb49e66b7229b28a79d3da7b99
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: FL Studia.exe
- Resource: win7-en-20211014

Malware Config
- Extracted: redline
- H
- 185.255.133.25:18225
Targets
- Target: FL Studia.exe (size and MD5/SHA1/SHA256/SHA512 identical to the General section above)
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext