General
-
Target
fb89d57447db2445a18842b156ede54a
-
Size
1MB
-
Sample
220330-z2p79adebq
-
MD5
fb89d57447db2445a18842b156ede54a
-
SHA1
69fd005c7f4da455cc16198c308c02597aeed475
-
SHA256
12dd9be4130d2815e1996e2179b5e0af874bc1bca280b455f17ff96aace7293c
-
SHA512
2dca1e302379ec0543ff4e9f8f4dc18c1ef76b758fb17823f9a6835fbfbcd1afce759719592060db1a95ba3085ed6fbb9678b364342a8b22e2c982928c2e47be
Static task
static1
Behavioral task
behavioral1
Sample
fb89d57447db2445a18842b156ede54a.exe
Resource
win7-20220311-en
Malware Config
Extracted
redline
1
116.202.11.19:24855
-
auth_value
24b5bd5b441536b793bf4e2a4d143416
Targets
-
-
Target
fb89d57447db2445a18842b156ede54a
-
Size
1MB
-
MD5
fb89d57447db2445a18842b156ede54a
-
SHA1
69fd005c7f4da455cc16198c308c02597aeed475
-
SHA256
12dd9be4130d2815e1996e2179b5e0af874bc1bca280b455f17ff96aace7293c
-
SHA512
2dca1e302379ec0543ff4e9f8f4dc18c1ef76b758fb17823f9a6835fbfbcd1afce759719592060db1a95ba3085ed6fbb9678b364342a8b22e2c982928c2e47be
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-