General
-
Target
FAKER.exe
-
Size
4.4MB
-
Sample
220410-fvt33secgk
-
MD5
b88cea07d2747515153fce80d440b5d8
-
SHA1
88363891989152037eb34703e85f2bffedf046cd
-
SHA256
f188400dfc71e090fa33acad03a012bb27c13cbb673fbcf8cb567857040b0d49
-
SHA512
2552fc6fdb4ae2269eae25b4055a461102f20893cbf1e64ea1d4c33ca347d562f9a4be487e7289ad3b62b66713c7a4e48f523a3868efe5e2b7cc3e3cbc8783f0
Static task
static1
Behavioral task
behavioral1
Sample
FAKER.exe
Resource
win7-20220311-en
Malware Config
Extracted
redline
2
65.108.0.47:9436
-
auth_value
8ef2f7e3bf71e827d3411c71c9064440
Targets
-
-
Target
FAKER.exe
-
Size
4.4MB
-
MD5
b88cea07d2747515153fce80d440b5d8
-
SHA1
88363891989152037eb34703e85f2bffedf046cd
-
SHA256
f188400dfc71e090fa33acad03a012bb27c13cbb673fbcf8cb567857040b0d49
-
SHA512
2552fc6fdb4ae2269eae25b4055a461102f20893cbf1e64ea1d4c33ca347d562f9a4be487e7289ad3b62b66713c7a4e48f523a3868efe5e2b7cc3e3cbc8783f0
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-