General
Target: SecuriteInfo.com.MemScan.Trojan.GenericKDZ.85144.21907.17606
Size: 1.5MB
Sample: 220321-wvyz2addf4
MD5: 0488ffd1627582cba0fde387224bd56a
SHA1: 8bdc75cd072a033ae4a60eb65a3544bf6be51fd5
SHA256: 200a437b2d155dd41388b86f7f12d6afdf42d090d34b99a65fbb52e43c491b40
SHA512: 19b465f12548e4070f79371d7d319af26b690b755a0a1842d36a1daf20dd15e548fa0301b59d81ca47caf68435a8c99a195056e2064d0c4426a328067f08545b
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.MemScan.Trojan.GenericKDZ.85144.21907.exe
  Resource: win7-20220310-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.MemScan.Trojan.GenericKDZ.85144.21907.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted
Family: redline
Botnet: @zhilsholi
C2: yabynennet.xyz:81
auth_value: c2d0b7a2ede97b91495c99e75b4f27fb
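The extracted configuration is only useful once it is matched against telemetry. The script below turns the C2 value above into a log matcher; it is an added example, not code from tria.ge or from the sample. The botnet, C2 and auth_value are the ones extracted on this page; the log layout (ts, src, dst, dport, name) and the log lines themselves are constructed for the demonstration and do not follow any real Zeek or Sysmon schema.

```python
"""Match the extracted RedLine C2 against constructed DNS/SNI-style log lines."""
from __future__ import annotations

# Values as extracted from the sample on this page.
REDLINE_CONFIG = {
    "botnet": "@zhilsholi",
    "c2": "yabynennet.xyz:81",
    "auth_value": "c2d0b7a2ede97b91495c99e75b4f27fb",
}


def parse_c2(c2: str) -> tuple[str, int]:
    """Split a 'host:port' C2 string into (host, port); no scheme, one endpoint."""
    host, sep, port = c2.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"unexpected C2 format: {c2!r}")
    return host.lower(), int(port)


def domain_matches(name: str, ioc_domain: str) -> bool:
    """True for the IOC domain itself or any subdomain of it.

    Case-insensitive, tolerates a trailing dot, and requires a label boundary so
    that 'notyabynennet.xyz' does not match 'yabynennet.xyz'.
    """
    name = name.lower().rstrip(".")
    return name == ioc_domain or name.endswith("." + ioc_domain)


def scan_log(lines: list[str], c2: str) -> list[tuple[int, str]]:
    """Return (line_number, reason) for every line referencing the C2 host.

    A bare port match is deliberately not reported: tcp/81 on its own is far too
    common to be an indicator; only the hostname (optionally plus port) counts.
    """
    host, port = parse_c2(c2)
    hits: list[tuple[int, str]] = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) != 5:
            continue  # header, blank or malformed line
        _ts, _src, _dst, dport, name = fields
        if domain_matches(name, host):
            reason = "name matches C2 host"
            if dport == str(port):
                reason += f" on C2 port {port}"
            hits.append((n, reason))
    return hits


# Constructed sample log (assumed layout). Lines 3 and 5 are the true hits;
# line 6 is a near-miss that a naive substring match would wrongly flag.
SAMPLE_LOG = """\
ts src dst dport name
1647878400 10.0.0.5 10.0.0.1 53 update.microsoft.com
1647878401 10.0.0.5 10.0.0.1 53 yabynennet.xyz
1647878402 10.0.0.5 93.184.216.34 443 example.com
1647878403 10.0.0.5 203.0.113.10 81 cdn.yabynennet.xyz.
1647878404 10.0.0.5 10.0.0.1 53 notyabynennet.xyz
""".splitlines()

if __name__ == "__main__":
    for n, why in scan_log(SAMPLE_LOG, REDLINE_CONFIG["c2"]):
        print(f"line {n}: {why}: {SAMPLE_LOG[n - 1]}")
```

Only the hostname is treated as an indicator; the port is attached to a hit as extra context but never used alone, and the label-boundary check in domain_matches is what keeps look-alike domains out of the results.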
Targets
Target: SecuriteInfo.com.MemScan.Trojan.GenericKDZ.85144.21907.17606 (1.5MB; hashes as listed under General)
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  The ACPI table keys under HKLM\HARDWARE\ACPI are named after the firmware OEM ID, so the presence of a VBOX__ subkey alone reveals a VirtualBox guest.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments; the strings under HKLM\HARDWARE\DESCRIPTION\System carry the hypervisor vendor name on most default VM images.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
  SetThreadContext is a common step in process hollowing and similar injection: a thread created suspended is pointed at an injected payload before it is resumed.
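The two registry checks flagged above, reproduced from the defender's side so an analyst can confirm whether their own VirtualBox-based sandbox exposes the same artifacts. This is an added example, not code from the sample or from the sandbox. The value names, the VBOX__ ACPI key paths and the marker strings (VBOX, VirtualBox, innotek) are the commonly documented VirtualBox artifacts and are assumed, not recovered from this sample; on Windows the script reads the live registry through winreg, elsewhere it runs on the constructed VBOX_GUEST and BARE_METAL dictionaries.

```python
"""Check BIOS strings and ACPI table keys in the registry for VirtualBox artifacts."""
from __future__ import annotations

import sys

BIOS_KEY = r"HARDWARE\DESCRIPTION\System"
BIOS_VALUES = ("SystemBiosVersion", "VideoBiosVersion", "SystemBiosDate")
# ACPI tables are keyed by OEM ID under HKLM\HARDWARE\ACPI; VirtualBox uses "VBOX__".
ACPI_KEYS = (
    r"HARDWARE\ACPI\DSDT\VBOX__",
    r"HARDWARE\ACPI\FADT\VBOX__",
    r"HARDWARE\ACPI\RSDT\VBOX__",
)
# Assumed marker set; "innotek" is the pre-Oracle vendor string still found in
# VirtualBox BIOS fields.
VM_MARKERS = ("vbox", "virtualbox", "innotek")


def read_live_registry() -> dict[str, str | None]:
    """Windows only: collect the BIOS values and ACPI key presence (None = absent)."""
    import winreg  # only importable on Windows

    found: dict[str, str | None] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, BIOS_KEY) as key:
        for name in BIOS_VALUES:
            try:
                data, _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                found[name] = None
                continue
            # REG_MULTI_SZ values come back as a list of strings.
            found[name] = " ".join(data) if isinstance(data, list) else str(data)
    for path in ACPI_KEYS:
        try:
            winreg.CloseKey(winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path))
            found[path] = "present"
        except FileNotFoundError:
            found[path] = None
    return found


def vm_indicators(values: dict[str, str | None]) -> list[str]:
    """Return one reason per artifact that reveals VirtualBox; empty list = clean."""
    reasons: list[str] = []
    for name, data in values.items():
        if data is None:
            continue
        if name in ACPI_KEYS:
            reasons.append(f"ACPI key {name} exists")
        elif any(marker in data.lower() for marker in VM_MARKERS):
            reasons.append(f"{name} = {data!r}")
    return reasons


# Constructed inputs: what a stock VirtualBox guest and a physical laptop typically
# report (assumed values, not captured from this sample's run).
VBOX_GUEST: dict[str, str | None] = {
    "SystemBiosVersion": "VBOX   - 1",
    "VideoBiosVersion": "Oracle VM VirtualBox Version 6.1.32 VGA BIOS",
    "SystemBiosDate": "12/01/06",
    ACPI_KEYS[0]: "present",
    ACPI_KEYS[1]: "present",
    ACPI_KEYS[2]: None,
}
BARE_METAL: dict[str, str | None] = {
    "SystemBiosVersion": "LENOVO - 1340",
    "VideoBiosVersion": "Intel Video BIOS",
    "SystemBiosDate": "05/09/22",
    ACPI_KEYS[0]: None,
    ACPI_KEYS[1]: None,
    ACPI_KEYS[2]: None,
}

if __name__ == "__main__":
    values = read_live_registry() if sys.platform == "win32" else VBOX_GUEST
    for reason in vm_indicators(values) or ["no VirtualBox artifacts found"]:
        print(reason)
```

Any non-empty result means a sample using the checks above would identify the host as a VirtualBox guest; the usual hardening is to rewrite the BIOS strings and ACPI OEM IDs on the VM rather than to patch the registry, since the registry values are regenerated from the firmware tables.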