General
-
Target
2e724d3c3bdd54196bccbf6cd88a611e7cb7a99f71584ab8baf452bfa25d3c7b
-
Size
1.5MB
-
Sample
220215-ryq2dahcbj
-
MD5
37444e59d1f27aa01778a606acff5b81
-
SHA1
8f22dce2dc7f916f21d382c50f50869c654ec908
-
SHA256
2e724d3c3bdd54196bccbf6cd88a611e7cb7a99f71584ab8baf452bfa25d3c7b
-
SHA512
cd317e16396cac24c11a4a8c8c3eba895241b13ef7312bf349bdc80082bc054f30fbcdf2c9194bae73c12ecc56ad5d24fd87459504d10464e87aa80fc4d2fdd9
Static task
static1
Behavioral task
behavioral1
Sample
2e724d3c3bdd54196bccbf6cd88a611e7cb7a99f71584ab8baf452bfa25d3c7b.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
2e724d3c3bdd54196bccbf6cd88a611e7cb7a99f71584ab8baf452bfa25d3c7b.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
redline
dfd3
91.206.14.151:16764
-
auth_value
aca035896c58cf1d32837bf9302ebdc1
Targets
-
-
Target
2e724d3c3bdd54196bccbf6cd88a611e7cb7a99f71584ab8baf452bfa25d3c7b
-
Size
1.5MB
-
MD5
37444e59d1f27aa01778a606acff5b81
-
SHA1
8f22dce2dc7f916f21d382c50f50869c654ec908
-
SHA256
2e724d3c3bdd54196bccbf6cd88a611e7cb7a99f71584ab8baf452bfa25d3c7b
-
SHA512
cd317e16396cac24c11a4a8c8c3eba895241b13ef7312bf349bdc80082bc054f30fbcdf2c9194bae73c12ecc56ad5d24fd87459504d10464e87aa80fc4d2fdd9
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-