General
Target: c23b096fdd5379aeaee9a28e4561143596fe1c7d32555f915a69725c99fba470
Size: 1.4MB
Sample: 211119-kl956ahgfm
MD5: b4ebbc92b9c6aea78e9b797e9365d61b
SHA1: 3046ac629e1b298d7af16d0a52d529e165723ae6
SHA256: c23b096fdd5379aeaee9a28e4561143596fe1c7d32555f915a69725c99fba470
SHA512: 58bb1d4bf282bbe18c51b13bb7a4a1a23b75c9fa75541f2a202b4c02a4b64f7ce48d5d08f0f07dba9b4a8e3052565bbadf27d60d4a528dfd6971457fcae79a24
Static task: static1
Behavioral task: behavioral1
Sample: c23b096fdd5379aeaee9a28e4561143596fe1c7d32555f915a69725c99fba470.exe
Resource: win10-en-20211014
Malware Config
Extracted
redline
@zhilsholi
nariviqusir.xyz:81
Targets
Target: c23b096fdd5379aeaee9a28e4561143596fe1c7d32555f915a69725c99fba470
Size and hashes (MD5, SHA1, SHA256, SHA512): identical to the General section above.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext