General
Target: New Project 1.bin
Size: 13.2MB
Sample: 220517-jj1y2agfh2
MD5: 3516f6cae47d318527ba2a24391edf43
SHA1: cda159e20558c20d567f8745e30cb0dcde34e260
SHA256: 57d2f478356b21d798ab32c030fe0fe8cf5ddd0ceb075b259090813558b6abd8
SHA512: f0d6e93743132d2c96060fe90667d61ee554228e3e72f7ba8914f012bee326ea61017daf2c63969cf04d918b6c87adc1cd4bd887480de3e2f97461a5b321c7db
Static task: static1
Behavioral task: behavioral1
Sample: New Project 1.exe
Resource: win10v2004-20220414-en

Malware Config
- Extracted: redline
  1502775644
  95.143.178.231:11047
  auth_value: 6d1ba68e2d3a3dbe14d0406c631510fe
- Extracted: redline
  1137502411
  193.232.179.34:20856
  auth_value: bf80dce2076c6f3cb9ed05b510f4060e
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- XMRig Miner Payload
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext