General
- Target: b73c34e7b239cf0d14810c17fecefbe7
- Size: 1.4MB
- Sample: 211111-kap1vagafk
- MD5: b73c34e7b239cf0d14810c17fecefbe7
- SHA1: 9cbc5fb855aa90249a721f8277b88ea84bea00b6
- SHA256: 4c08d306d3272e38e7e592e6dd2f269ab79d9e375dbf2bc5911cadd10fb5755e
- SHA512: 35ce91ef2bb88fb3b642768501066cfa82848ef7066008181e070b29349b4a6e917ae6e67685b4bfc24abbfee47a698986cd4d23eebd67c54e6beeabd910cbd1
Static task: static1
Behavioral task: behavioral1
- Sample: b73c34e7b239cf0d14810c17fecefbe7.exe
- Resource: win7-en-20211104

Malware Config
Extracted:
- redline
- 1011bankk
- charirelay.xyz:80
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext