General
-
Target
1ca3d04a1c28f573e0a31c49881c8c4a.7z
-
Size
1.9MB
-
Sample
220119-a8trksedck
-
MD5
3d1d00b27b7845068d971019b56132de
-
SHA1
ab7625d9e5b6a9ee31558f133d927bfc589a2dae
-
SHA256
90e6f395643514916b30101a393ffe491d7809349d75858ffa73cab7d717c31f
-
SHA512
dd86f313038e070b8a20cf355dab3878cf53fb538d7e9a636b6f14d2293f70682d854f20b194486e1c6d88d820b57b3b1fe6dcd265d021e7ff55f5a6beea18b3
Static task
static1
Malware Config
Extracted
redline
fs3
65.21.103.71:56458
Targets
-
-
Target
1ca3d04a1c28f573e0a31c49881c8c4a
-
Size
2.2MB
-
MD5
1ca3d04a1c28f573e0a31c49881c8c4a
-
SHA1
30a0a21660c49c0a44c981396c435483efad865e
-
SHA256
196e6323c5ffd2105f1159a77c1b1cb583deb9d27875232f5fae5635a39a637d
-
SHA512
aeede683d62f29b2e24f7352ff296c7249c3eccc6a6b3c165b060454a0704cf52b1137dbcdb24b7045c526f6a6e6b70f79935ed78866b552b7338cec38e6be64
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-