General

Target: b81f2f2d3c122a53a0c99f0b21e0ff79.exe
Size: 6.9MB
Sample: 220201-vmzqxshggq
MD5: b81f2f2d3c122a53a0c99f0b21e0ff79
SHA1: 9b7e2b6b3464b5130f05b10f170e07fc8356ad2e
SHA256: 914cd602a58f69dd35dd207d8128807926a139f27f4d8b7b2b958041783bc10c
SHA512: 51ca133984ade0dbf6d926185a948c13f421da2dbe23b51bb2df22fd3c4c153de593e993b497f97ea18ae9e4060a14a3cdb537c27bc2922483235d2563402c76

Static task: static1

Behavioral task: behavioral1
Sample: b81f2f2d3c122a53a0c99f0b21e0ff79.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: b81f2f2d3c122a53a0c99f0b21e0ff79.exe
Resource: win10v2004-en-20220113

Malware Config

Extracted
Family: redline
C2: 91.243.59.131:7171
Targets

Target: b81f2f2d3c122a53a0c99f0b21e0ff79.exe
Size: 6.9MB
MD5: b81f2f2d3c122a53a0c99f0b21e0ff79
SHA1: 9b7e2b6b3464b5130f05b10f170e07fc8356ad2e
SHA256: 914cd602a58f69dd35dd207d8128807926a139f27f4d8b7b2b958041783bc10c
SHA512: 51ca133984ade0dbf6d926185a948c13f421da2dbe23b51bb2df22fd3c4c153de593e993b497f97ea18ae9e4060a14a3cdb537c27bc2922483235d2563402c76
Signatures

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext