General

Target: 16f4a3fc69b8b2b64db781127f898729b4ea712c835a3.exe
Size: 4.4MB
Sample: 220406-g4wtpsbcd2
MD5: 594d7823440e565b0f1379be8f218e33
SHA1: 07b3e8fc1d21fbbc13f7271d8eda4794ffa71861
SHA256: 16f4a3fc69b8b2b64db781127f898729b4ea712c835a3ffc8b25021106f8245c
SHA512: b746afcbaad590c7fefe6c74c4ca076d97a74a91907272815f5be289ff1109ce257999d33600b5ec94b8b121305913cb10906c3f066bbbbdc2d7f1601bb9eca9

Static task: static1
Behavioral task: behavioral1
Sample: 16f4a3fc69b8b2b64db781127f898729b4ea712c835a3.exe
Resource: win7-20220331-en

Malware Config

Extracted
Family: redline
Botnet: filinnn1
C2: 5.45.77.29:41494
Attributes: auth_value = da347df57c88b125ede510dbe7fcc0f4
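The extracted configuration above gives the two network facts an analyst needs for hunting: the C2 socket and the botnet name. The following Python is an added example written for this report; it is not part of the sandbox output or of the sample. It parses the C2 entry, scans Zeek conn.log rows for flows to that host (the rows are constructed for illustration, not traffic captured from this run), and emits a Suricata rule. The sid is an operator choice and is assumed here.

```python
"""Hunt for the extracted RedLine C2 in Zeek conn.log records and emit a
Suricata rule for it.

Added example, not part of the sandbox report. The conn.log rows below
are constructed for illustration, not traffic captured from this sample.
"""
from dataclasses import dataclass

# Values copied from the report's extracted configuration.
REDLINE_CONFIG = {
    "botnet": "filinnn1",
    "c2": "5.45.77.29:41494",
    "auth_value": "da347df57c88b125ede510dbe7fcc0f4",
}

# Constructed Zeek conn.log excerpt: one flow to the exact C2 socket, one
# unrelated TLS flow, and one flow to the C2 host on a different port.
ZEEK_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\n"
    "1649229010.112233\tCabc1\t10.0.0.23\t49812\t5.45.77.29\t41494\ttcp\t-\n"
    "1649229011.000000\tCabc2\t10.0.0.23\t49813\t93.184.216.34\t443\ttcp\tssl\n"
    "1649229015.500000\tCabc3\t10.0.0.41\t51002\t5.45.77.29\t80\ttcp\thttp\n"
)


@dataclass
class Hit:
    uid: str
    orig_h: str
    resp_h: str
    resp_p: int
    reason: str  # "c2" = exact host:port match, "c2-host" = same host, other port


def parse_c2(entry):
    """Split the config's 'host:port' string into (host, port)."""
    host, _, port = entry.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {entry!r}")
    return host, int(port)


def parse_zeek_conn(text):
    """Parse a Zeek conn.log (TSV with a '#fields' header) into dict rows."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue  # other header lines (#separator, #types, #close) and blanks
        else:
            if fields is None:
                raise ValueError("data row before #fields header")
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def hunt_c2(rows, c2_entry):
    """Return flows to the C2 host. Flows to the same host on another port
    are flagged separately, since the host may be reused on a new port."""
    host, port = parse_c2(c2_entry)
    hits = []
    for row in rows:
        if row["id.resp_h"] != host:
            continue
        resp_p = int(row["id.resp_p"])
        reason = "c2" if resp_p == port else "c2-host"
        hits.append(Hit(row["uid"], row["id.orig_h"], row["id.resp_h"], resp_p, reason))
    return hits


def suricata_rule(c2_entry, botnet, sid):
    """Build a Suricata alert rule for the C2 socket. The sid is chosen by
    the operator (assumed here; 1000000 and up is the local range)."""
    host, port = parse_c2(c2_entry)
    return (
        f'alert tcp $HOME_NET any -> {host} {port} '
        f'(msg:"RedLine C2 {botnet}"; flow:to_server; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    for hit in hunt_c2(parse_zeek_conn(ZEEK_CONN_LOG), REDLINE_CONFIG["c2"]):
        print(hit)
    print(suricata_rule(REDLINE_CONFIG["c2"], REDLINE_CONFIG["botnet"], 1000001))
```

The auth_value is deliberately not used as a network indicator: it identifies the build and is useful for clustering related samples, but it travels inside the C2 channel's framing rather than as a plain string, so host and port are the reliable hunting keys.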

Targets

Target: 16f4a3fc69b8b2b64db781127f898729b4ea712c835a3.exe
Size: 4.4MB (hashes as listed under General)

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext
Writing another thread's context is the step process-hollowing loaders use to point a suspended process at injected code; packed RedLine samples typically unpack the C# payload into a legitimate process this way.
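The two anti-VM signatures above (VirtualBox via ACPI registry values, BIOS information in the registry) name the locations only by category. The following Python is an added example for sandbox hardening, not code from the sample or the sandbox: it evaluates the VirtualBox artefacts such checks commonly read, so an analyst can confirm whether an analysis VM would be flagged before detonating a RedLine sample. The exact keys are an assumption about what this sample probes; the report lists only the categories. The registry snapshots in the block are constructed, not captured from this run.

```python
"""Evaluate the VirtualBox registry artefacts a RedLine-style anti-VM
check reads.

Added example for sandbox hardening. It does not reproduce the sample's
code; the key locations are an assumption about what the sample probes,
chosen from the VirtualBox artefacts commonly checked under HKLM.
"""
import sys

# VirtualBox exports its ACPI tables under HARDWARE\ACPI\<table>\<OEM ID>
# with the OEM ID "VBOX__". Its BIOS strings surface under
# HARDWARE\DESCRIPTION\System and ...\System\BIOS.
ACPI_TABLES = ("DSDT", "FADT", "RSDT")
ACPI_OEM_ID = "VBOX__"
BIOS_VALUES = (
    (r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    (r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    (r"HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    (r"HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName"),
)
BIOS_MARKERS = ("VBOX", "VIRTUALBOX", "INNOTEK")


def virtualbox_indicators(key_exists, read_value):
    """Return the list of matching indicators; empty means nothing a
    VirtualBox-aware check would trip on.

    key_exists(path) -> bool and read_value(path, name) -> str | None are
    injected so the same logic runs against a live hive or a snapshot.
    """
    hits = []
    for table in ACPI_TABLES:
        path = rf"HARDWARE\ACPI\{table}\{ACPI_OEM_ID}"
        if key_exists(path):
            hits.append(f"acpi:{table}:{ACPI_OEM_ID}")
    for path, name in BIOS_VALUES:
        value = read_value(path, name)
        if value is None:
            continue
        upper = value.upper()
        for marker in BIOS_MARKERS:
            if marker in upper:
                hits.append(f"bios:{name}:{marker}")
                break
    return hits


# Constructed snapshot of a stock VirtualBox guest (not captured from the
# sample's run). REG_MULTI_SZ values are represented as single strings.
VBOX_SNAPSHOT = {
    r"HARDWARE\ACPI\DSDT\VBOX__": {},
    r"HARDWARE\ACPI\FADT\VBOX__": {},
    r"HARDWARE\ACPI\RSDT\VBOX__": {},
    r"HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": "VBOX   - 1",
        "VideoBiosVersion": "Oracle VM VirtualBox Version 6.1.32 VGA BIOS",
    },
    r"HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "innotek GmbH",
        "SystemProductName": "VirtualBox",
    },
}

# Constructed snapshot of a physical host, for contrast.
BARE_METAL_SNAPSHOT = {
    r"HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": "DELL   - 1072009",
        "VideoBiosVersion": "Intel Video BIOS",
    },
    r"HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "Dell Inc.",
        "SystemProductName": "OptiPlex 7080",
    },
}


def snapshot_readers(snapshot):
    """Adapt a dict snapshot to the two accessor callables."""
    def key_exists(path):
        return path in snapshot

    def read_value(path, name):
        return snapshot.get(path, {}).get(name)
    return key_exists, read_value


def winreg_readers():
    """Live HKLM accessors (Windows only), for checking a real analysis VM."""
    import winreg

    def key_exists(path):
        try:
            winreg.CloseKey(winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path))
            return True
        except OSError:
            return False

    def read_value(path, name):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                value, _ = winreg.QueryValueEx(key, name)
        except OSError:
            return None
        return "\n".join(value) if isinstance(value, list) else str(value)
    return key_exists, read_value


if __name__ == "__main__":
    readers = winreg_readers() if sys.platform == "win32" else snapshot_readers(VBOX_SNAPSHOT)
    for hit in virtualbox_indicators(*readers):
        print(hit)
```

Run on Windows it reads the live hive; elsewhere it falls back to the constructed VirtualBox snapshot. Every line it prints is a value a check of this kind can read without privileges, so a bare-metal-looking result needs each of these locations patched (the ACPI OEM ID at the hypervisor level, the BIOS strings via the VM's DMI settings), not just the obvious SystemBiosVersion.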