General
Target: 2c59b4e57c8717b35b465ccf992ea48de637dcfea185507cdb88fd99b7ee136e
Size: 1.4MB
Sample: 220215-r1v34sgaa8
MD5: dfcb432a6e55ed55ab7635f594a6d550
SHA1: 538bd66e36e97daaccbe39bab507a1e2e77fc601
SHA256: 2c59b4e57c8717b35b465ccf992ea48de637dcfea185507cdb88fd99b7ee136e
SHA512: ae23480fc6981dc5a831ed985217587deb8fe631e7d241c1d5639e27ef3a5b5ad90836d091280442379038b430a2145ff5e2772926e907b481a9ed200a63a816
Static task: static1
Behavioral task: behavioral1
  Sample: 2c59b4e57c8717b35b465ccf992ea48de637dcfea185507cdb88fd99b7ee136e.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 2c59b4e57c8717b35b465ccf992ea48de637dcfea185507cdb88fd99b7ee136e.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted
Family: redline
Botnet: garik
C2: 94.26.249.132:19205
auth_value: b066c5fcfab0da3546ce851ec2b7c262
Targets
Target: 2c59b4e57c8717b35b465ccf992ea48de637dcfea185507cdb88fd99b7ee136e
Size: 1.4MB
MD5: dfcb432a6e55ed55ab7635f594a6d550
SHA1: 538bd66e36e97daaccbe39bab507a1e2e77fc601
SHA256: 2c59b4e57c8717b35b465ccf992ea48de637dcfea185507cdb88fd99b7ee136e
SHA512: ae23480fc6981dc5a831ed985217587deb8fe631e7d241c1d5639e27ef3a5b5ad90836d091280442379038b430a2145ff5e2772926e907b481a9ed200a63a816
Score: 10/10
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020; it harvests saved credentials, browser data and cryptocurrency wallet information and uploads them to its C2.
RedLine Payload
The RedLine payload was identified in the sample; the extracted configuration above (botnet, C2 and auth_value) comes from it.
Suspicious use of NtCreateProcessExOtherParentProcess
A process was created with NtCreateProcessEx using a parent-process handle other than the caller's own. This is how parent PID spoofing is done: the child appears under a different parent, so process-tree based detection misattributes it.
Identifies VirtualBox via ACPI registry values (likely anti-VM)
The ACPI tables mirrored under HKLM\HARDWARE\ACPI (DSDT, FADT, RSDT) carry the firmware OEM ID; on VirtualBox that ID is VBOX__, so opening those keys is a common VM check.
Checks BIOS information in registry
BIOS information (for example SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) is often read in order to detect sandboxing environments, since hypervisors report recognisable vendor strings there.
Suspicious use of SetThreadContext
SetThreadContext rewrites the register state of another thread; injectors use it to point a suspended thread at injected code (process hollowing).
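The signature hits above are derived from the API calls the sandbox observed. As an added example (not code from the Triage report or from the RedLine sample), the following Python matches the same four behaviours over a constructed API trace. The trace format (`pid api key=value ...`), the registry paths, the `parent=-1` convention for "own process" and the `target_pid` field are assumptions made for illustration and do not reproduce Triage's real trace format.

```python
"""Derive behavioural signature hits from a constructed sandbox API trace.

Added example, not part of the original report. The trace layout and field
names below are assumptions; only the registry paths and signature names
reflect real Windows behaviour and the report's signature list.
"""
import re
from dataclasses import dataclass

# Registry locations anti-VM / anti-sandbox code commonly probes.
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = {"SystemBiosVersion", "VideoBiosVersion", "SystemBiosDate"}
# VirtualBox stamps the OEM ID VBOX__ into the ACPI tables mirrored under HKLM\HARDWARE\ACPI.
VBOX_ACPI = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE)
REGISTRY_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "NtOpenKey", "NtQueryValueKey"}


@dataclass
class Call:
    pid: int          # calling process
    api: str          # API name
    args: dict        # parsed key=value arguments


def parse_trace(text: str) -> list:
    """Parse constructed 'pid api k=v k=v ...' lines into Call records."""
    calls = []
    for line in text.strip().splitlines():
        pid, api, *kv = line.split()
        args = dict(p.split("=", 1) for p in kv)
        calls.append(Call(int(pid), api, args))
    return calls


def match_signatures(calls: list) -> list:
    """Return the sorted list of signature names that the trace triggers."""
    hits = set()
    for c in calls:
        if c.api in REGISTRY_APIS:
            key = c.args.get("key", "")
            if VBOX_ACPI.match(key):
                hits.add("Identifies VirtualBox via ACPI registry values (likely anti-VM)")
            if key.lower() == BIOS_KEY.lower() and c.args.get("value") in BIOS_VALUES:
                hits.add("Checks BIOS information in registry")
        elif c.api == "NtCreateProcessEx":
            # Parent handle that is neither the pseudo-handle for the caller (-1)
            # nor the caller itself: the child is being reparented (PID spoofing).
            if c.args.get("parent") not in ("-1", str(c.pid)):
                hits.add("Suspicious use of NtCreateProcessExOtherParentProcess")
        elif c.api == "SetThreadContext":
            # Rewriting the context of a thread that lives in another process is
            # the redirect step of process hollowing.
            if c.args.get("target_pid") != str(c.pid):
                hits.add("Suspicious use of SetThreadContext")
    return sorted(hits)


# Constructed trace for illustration: PIDs, order and the benign lines are made up.
TRACE = r"""
1234 RegOpenKeyExW key=HKLM\HARDWARE\ACPI\DSDT\VBOX__
1234 RegQueryValueExW key=HKLM\HARDWARE\DESCRIPTION\System value=SystemBiosVersion
1234 RegQueryValueExW key=HKLM\HARDWARE\DESCRIPTION\System value=VideoBiosVersion
1234 RegQueryValueExW key=HKCU\Software\Classes value=Default
1234 NtCreateProcessEx image=C:\child.exe parent=-1
1234 NtCreateProcessEx image=C:\child.exe parent=2960
1234 SetThreadContext target_pid=4520 tid=4524
"""

if __name__ == "__main__":
    for hit in match_signatures(parse_trace(TRACE)):
        print(hit)
```

The benign lines (the HKCU lookup and the `parent=-1` process creation) produce no hit, which is the check a practitioner wants: the matcher keys on the specific registry paths and on the cross-process arguments, not on the API names alone.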