General
Target: a78df3ea7c9bcf96c6c9db033be7a66d9c418c1acfa3c8efc3c4ba313c5b4fad
Size: 4.0MB
Sample: 220205-nxys2sbcam
MD5: f8a7cbf299ea2c26131d1bd3b6d5bd06
SHA1: 913fb7131947d4afba2c054b66934222e752d39e
SHA256: a78df3ea7c9bcf96c6c9db033be7a66d9c418c1acfa3c8efc3c4ba313c5b4fad
SHA512: 0fe358304b743bd85674e2c6a3dbfb4da6911b6310a0daadc2e173a5f1b4eb570f88a297db850d3a2c075a6a90266bf1e92e3931daca292fe5862d5b3abe0978
Behavioral task: behavioral1
Sample: a78df3ea7c9bcf96c6c9db033be7a66d9c418c1acfa3c8efc3c4ba313c5b4fad.exe
Resource: win7-en-20211208
Malware Config (extracted)
redline
USA1
178.157.91.2:6677
Targets
Target: a78df3ea7c9bcf96c6c9db033be7a66d9c418c1acfa3c8efc3c4ba313c5b4fad
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Suspicious use of NtSetInformationThreadHideFromDebugger