General

Target: 8B664F8A44DCB056095BC43BCB854C11.exe
Size: 8.8MB
Sample: 220111-pq8kcafhap
MD5: 8b664f8a44dcb056095bc43bcb854c11
SHA1: 3f54621b0fd5bb9ae4f20c41fdc937a6654f9269
SHA256: e3c21f2f79c6a027881f1b74728c61d4fbb6fe6921f8840ce2dc11aabc9ceaa4
SHA512: 71d2a1359a7ff610d3b64eeeebc406ca2b00139db0b73484a679563eb5424a7fbd194dde7f2cca0cee6f5f240f58f2541e809d2d880dc32b7f6009335e066d51
Static task: static1

Behavioral task: behavioral1
Sample: 8B664F8A44DCB056095BC43BCB854C11.exe
Resource: win7-en-20211208
Malware Config

Extracted: bitrat
Version: 1.33
C2: 89.163.140.102:1234
communication_password: 8c249675aea6c3cbd91661bbae767ff1
tor_process: tor

Extracted: redline
Botnet: pub
C2: 185.153.198.36:81

Extracted: redline
Botnet: work10
C2: 185.250.151.29:42520
Targets

Target: 8B664F8A44DCB056095BC43BCB854C11.exe (hashes as listed under General above)

Signatures:
- Modifies WinLogon for persistence
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext