General
Target: 8734C057703087FE126636FBB1FA6B367D10E8F192307.exe
Size: 732KB
Sample: 220520-mjgf6sddbk
MD5: 72373a16a801b46d2647eb6e2e146538
SHA1: 1d0e360c9d24cf3c8bbbece9f43601d8abb74fc5
SHA256: 8734c057703087fe126636fbb1fa6b367d10e8f192307987fa3d81efdf6258c1
SHA512: 65631c8c4080493d5125c8eaac546adb45becfab653d679b54c4e3b269e0050c11fd4aa69cf073b9ecd05e2eff2f774657892fbf3e36533b850e3f019c926986
Static task: static1
Behavioral task: behavioral1
Sample: 8734C057703087FE126636FBB1FA6B367D10E8F192307.exe
Resource: win7-20220414-en
Malware Config
Extracted: redline
777
107.175.65.144:41825
auth_value: 8ff2bff46289ab145ce573ede9b4258f
Targets
Target: 8734C057703087FE126636FBB1FA6B367D10E8F192307.exe
Size: 732KB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Looks for VirtualBox Guest Additions in registry
Looks for VMware Tools registry key
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext