General
-
Target
97b6f1724f915772098ffcbb2350bef100dd2c3d7cd26be39e9a3ca095d7ea62
-
Size
6.3MB
-
Sample
220301-yehn8achdl
-
MD5
47d8679cef92d54658d18b82d662a266
-
SHA1
90abb5e5648457b1fdace92f3749c31473193e55
-
SHA256
97b6f1724f915772098ffcbb2350bef100dd2c3d7cd26be39e9a3ca095d7ea62
-
SHA512
05cb6ffaedfe0713545a0d27d1c27f6031d483698bfa14cc5037f918814500643ae461a3dfe003e5dab6aff5b979e8164157c20a2e526eb681aeed699915ab87
Static task
static1
Malware Config
Extracted
redline
bild
95.216.21.217:19597
-
auth_value
6a86304a315cc6a978ccb33feb915de5
Targets
-
-
Target
97b6f1724f915772098ffcbb2350bef100dd2c3d7cd26be39e9a3ca095d7ea62
-
Size
6.3MB
-
MD5
47d8679cef92d54658d18b82d662a266
-
SHA1
90abb5e5648457b1fdace92f3749c31473193e55
-
SHA256
97b6f1724f915772098ffcbb2350bef100dd2c3d7cd26be39e9a3ca095d7ea62
-
SHA512
05cb6ffaedfe0713545a0d27d1c27f6031d483698bfa14cc5037f918814500643ae461a3dfe003e5dab6aff5b979e8164157c20a2e526eb681aeed699915ab87
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-