General
-
Target
e73ab5b026aaeffc50c96289762fc9e0d4f5354d2c976b7e5ac7c37865a307ad
-
Size
5.2MB
-
Sample
220215-ft5s7abba3
-
MD5
3f72f1be9ed29ae0d5dce6455c67a1ba
-
SHA1
82b7f08d7ae702fd825382fd0f3c28bf8e63a337
-
SHA256
e73ab5b026aaeffc50c96289762fc9e0d4f5354d2c976b7e5ac7c37865a307ad
-
SHA512
cb9a4d2b5a0192b391f3b972e984c40b3cb6282c86c1d3928523abd466627131554fe2ad5b9edee84f3c66bc5ce0172d82bf4a6dff730a8cf663b3f6cd29f449
Malware Config
Extracted
redline
20kinstallov
95.217.123.66:57358
-
auth_value
fb275eec825685cba8a40f492fe7aca0
Targets
-
-
Target
e73ab5b026aaeffc50c96289762fc9e0d4f5354d2c976b7e5ac7c37865a307ad
-
Size
5.2MB
-
MD5
3f72f1be9ed29ae0d5dce6455c67a1ba
-
SHA1
82b7f08d7ae702fd825382fd0f3c28bf8e63a337
-
SHA256
e73ab5b026aaeffc50c96289762fc9e0d4f5354d2c976b7e5ac7c37865a307ad
-
SHA512
cb9a4d2b5a0192b391f3b972e984c40b3cb6282c86c1d3928523abd466627131554fe2ad5b9edee84f3c66bc5ce0172d82bf4a6dff730a8cf663b3f6cd29f449
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-