General
Target: ce8937019771132b670e3580b9ebc160464babde2a90d37b9d6e6df37b557e07
Size: 1.3MB
Sample: 220215-gp47jabee6
MD5: 844bf9c5bc654232367d6edd6a874fd0
SHA1: 96e159e086d9e18352d1e60cc5d5f76459ae6c3e
SHA256: ce8937019771132b670e3580b9ebc160464babde2a90d37b9d6e6df37b557e07
SHA512: f20d93adf81174d04ed793ebf06ec36af74e397433fd4b53e38dc11be28c74f7f92d8ca5c933b5a26e5cf18f0b3ea3d1845ee9e94f9f16e8936a40a7aae26ed6
Static task: static1
Behavioral task: behavioral1
  Sample: ce8937019771132b670e3580b9ebc160464babde2a90d37b9d6e6df37b557e07.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: ce8937019771132b670e3580b9ebc160464babde2a90d37b9d6e6df37b557e07.exe
  Resource: win10v2004-en-20220112
Malware Config
Extracted family: redline
Botnet: 1011h
C2: charirelay.xyz:80
auth_value: d922d0e6a8065ced15ac54d22fbc64f9
Targets
Target: ce8937019771132b670e3580b9ebc160464babde2a90d37b9d6e6df37b557e07 (same file and hashes as listed under General)
Size: 1.3MB
Score: 10/10
Family: RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020. It harvests saved browser credentials, cookies, autofill data, cryptocurrency wallet files and host information and reports them to its C2, which for this sample is charirelay.xyz:80 according to the extracted configuration.
Signatures
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext

Taken together, the unusual-parent-process and SetThreadContext signatures are the pattern normally produced by process hollowing (a suspended child whose entry point is redirected into injected code). The report does not name the host process, so when hunting on a live system treat the image path of the RedLine child as untrusted and pivot on the parent instead. The C2 host and port and the file hashes above are the directly usable indicators.
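As an added example that is not code from the Tria.ge report or from the sample, the Python below models the two registry-based sandbox checks flagged above and a matching detection over registry-read telemetry. The registry paths are the standard VirtualBox ACPI table keys and the BIOS description key; the function names `looks_like_vm` and `flag_anti_vm_recon`, the registry snapshots and the pipe-separated event lines are all constructed for illustration and are not taken from this sample.

```python
"""Added example: model the registry-based VM checks the report flags and
detect a process performing them. Not code from the report or the sample."""
from collections import defaultdict

# Well-known registry locations read for VM fingerprinting. The VBOX__ ACPI
# keys exist only on VirtualBox guests; the BIOS key holds vendor strings.
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"
ACPI_VBOX_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)
BIOS_VALUES = ("SystemManufacturer", "SystemProductName", "BIOSVendor", "BIOSVersion")
VM_MARKERS = ("virtualbox", "vbox", "vmware", "qemu", "innotek")


def looks_like_vm(registry):
    """Analyst-side model of the check: given {key_path: {value_name: data}},
    return the reasons a VM would be reported (empty list on bare metal)."""
    reasons = []
    for key in ACPI_VBOX_KEYS:
        if key in registry:
            reasons.append(f"ACPI key present: {key}")
    bios = registry.get(BIOS_KEY, {})
    for name in BIOS_VALUES:
        data = str(bios.get(name, "")).lower()
        hit = next((m for m in VM_MARKERS if m in data), None)
        if hit:
            reasons.append(f"{name} contains '{hit}'")
    return reasons


def flag_anti_vm_recon(event_lines):
    """Detection over constructed registry-read events, one per line in the
    form 'timestamp|pid|image|target_key'. Flags a pid only when it reads
    both BIOS description values and a VBOX ACPI key: either alone is
    routine for inventory agents, both together is VM fingerprinting."""
    state = defaultdict(lambda: {"bios": False, "acpi": False, "image": ""})
    for line in event_lines:
        parts = line.strip().split("|", 3)
        if len(parts) != 4:
            continue  # skip malformed lines rather than fail the whole batch
        _ts, pid, image, target = parts
        rec = state[int(pid)]
        rec["image"] = image
        if target.startswith(BIOS_KEY):
            rec["bios"] = True
        if target.startswith(ACPI_VBOX_KEYS):  # str.startswith accepts a tuple
            rec["acpi"] = True
    return {pid: r["image"] for pid, r in state.items() if r["bios"] and r["acpi"]}


# Constructed registry snapshots (not read from a real machine).
VBOX_REGISTRY = {
    BIOS_KEY: {"SystemManufacturer": "innotek GmbH",
               "SystemProductName": "VirtualBox",
               "BIOSVendor": "innotek GmbH"},
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
}
BARE_METAL_REGISTRY = {
    BIOS_KEY: {"SystemManufacturer": "LENOVO",
               "SystemProductName": "20XW",
               "BIOSVendor": "LENOVO"},
}

# Constructed telemetry: pid 4120 performs both checks, pid 2210 only reads
# the BIOS version, as an updater might. The last line is deliberately malformed.
SAMPLE_EVENTS = [
    r"2022-02-15T10:00:01|4120|C:\Users\victim\Downloads\sample.exe|HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
    r"2022-02-15T10:00:01|4120|C:\Users\victim\Downloads\sample.exe|HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName",
    r"2022-02-15T10:00:02|4120|C:\Users\victim\Downloads\sample.exe|HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"2022-02-15T10:00:05|2210|C:\Windows\System32\svchost.exe|HKLM\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion",
    "garbage line",
]

if __name__ == "__main__":
    print("VirtualBox guest:", looks_like_vm(VBOX_REGISTRY))
    print("Bare metal:", looks_like_vm(BARE_METAL_REGISTRY))
    print("Flagged:", flag_anti_vm_recon(SAMPLE_EVENTS))
```

On a live Windows host the same keys can be inspected with `reg query "HKLM\HARDWARE\DESCRIPTION\System\BIOS"`, which is what a sandbox operator would use to confirm that the guest's vendor strings have been patched before detonating a sample like this one.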