General
Target: 186b2ec0748147cb799008263e8609221eb4cc0ff0b68dbb314a06b752fd388b
Size: 4.0MB
Sample: 220524-c57v5scgf9
MD5: c6f561d1133de9edf4e61f564c0033da
SHA1: 6a08a99a7fb0efa14b99b2a3d48c08114e3fa666
SHA256: 186b2ec0748147cb799008263e8609221eb4cc0ff0b68dbb314a06b752fd388b
SHA512: e32b0c556aad858522602a006a35c0a6b46d3db80a60c472afd5f714b3df098047c8c2b1c6f28b630eb537c07eb917ba8be42d3cfbfde01a6b3015e9faf224ab
Static task: static1
Behavioral task: behavioral1
  Sample: 186b2ec0748147cb799008263e8609221eb4cc0ff0b68dbb314a06b752fd388b.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 186b2ec0748147cb799008263e8609221eb4cc0ff0b68dbb314a06b752fd388b.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: redline
  ID: 19.04.20
  C2: 185.248.102.232:5692
Targets
Target: 186b2ec0748147cb799008263e8609221eb4cc0ff0b68dbb314a06b752fd388b (size and MD5/SHA1/SHA256/SHA512 as listed under General)
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger (the ThreadHideFromDebugger thread information class; once set, the thread no longer delivers debug events to an attached debugger, so this is an anti-debugging technique)
- Suspicious use of SetThreadContext (rewrites a thread's register state, including its instruction pointer; commonly used to redirect execution in another process, e.g. process hollowing)
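The following Python is an added example, written for this page rather than taken from the report or from the sample itself. It replays the three registry-based environment checks flagged above (VirtualBox ACPI keys, BIOS strings, configured country code) against a constructed registry snapshot, so an analyst can see which indicators a RedLine-style anti-VM/geofence routine would trip on a given host and tune a sandbox accordingly. The registry paths, value names, VM marker strings and the excluded-GeoID set are assumptions about what such a routine looks at; the report only states that the checks occur. The GeoIDs 244 (United States) and 203 (Russia) are standard Windows GeoIDs; the snapshot data is constructed.

```python
from __future__ import annotations

# Assumed locations the flagged signatures key off (not from the sample).
ACPI_VM_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)
BIOS_VALUES = (
    (r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    (r"HKLM\HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName"),
)
GEO_KEY, GEO_VALUE = r"HKCU\Control Panel\International\Geo", "Nation"

# Substrings a VM-detection routine typically searches BIOS strings for.
VM_MARKERS = ("vbox", "virtualbox", "innotek", "vmware", "qemu", "bochs", "xen")

# Illustrative geofence: GeoIDs the payload refuses to run in (assumption;
# the report says only "likely geofence"). 203=RU, 241=UA, 29=BY, 137=KZ.
EXCLUDED_GEOIDS = {203, 241, 29, 137}


def check_acpi(snapshot: dict) -> list[str]:
    """ACPI table keys that exist; their mere presence is the indicator."""
    return [k for k in ACPI_VM_KEYS if k in snapshot]


def check_bios(snapshot: dict) -> list[str]:
    """'key\\value=data' for every BIOS string containing a VM marker."""
    hits = []
    for key, name in BIOS_VALUES:
        data = snapshot.get(key, {}).get(name)
        if data is None:
            continue
        # REG_MULTI_SZ values arrive as a list; fold to one lowercase string.
        text = " ".join(data) if isinstance(data, list) else str(data)
        if any(m in text.lower() for m in VM_MARKERS):
            hits.append(f"{key}\\{name}={text}")
    return hits


def check_geo(snapshot: dict, excluded=EXCLUDED_GEOIDS) -> tuple[int | None, bool]:
    """(GeoID, blocked): blocked means the geofence would abort execution."""
    raw = snapshot.get(GEO_KEY, {}).get(GEO_VALUE)
    try:
        geoid = int(raw)
    except (TypeError, ValueError):
        return None, False  # unreadable value: evasive code typically runs
    return geoid, geoid in excluded


def would_run(snapshot: dict) -> dict:
    """Combine the checks as an evasive payload would: any hit aborts."""
    acpi, bios = check_acpi(snapshot), check_bios(snapshot)
    geoid, blocked = check_geo(snapshot)
    return {
        "acpi_vm_keys": acpi,
        "bios_vm_strings": bios,
        "geoid": geoid,
        "geofenced": blocked,
        "payload_would_run": not (acpi or bios or blocked),
    }


# Constructed registry snapshots (not captured from the sample's sandbox
# runs). A bare key with no values maps to {}: existence alone matters.
SNAPSHOT_VBOX = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox Version 6.1.32 VBE BIOS"],
    },
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "innotek GmbH",
        "SystemProductName": "VirtualBox",
    },
    GEO_KEY: {GEO_VALUE: "244"},  # United States
}
SNAPSHOT_BARE_METAL = {
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["LENOVO - 1370", "N2HET50W (1.33 )"],
        "VideoBiosVersion": ["Intel Video BIOS"],
    },
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "LENOVO",
        "SystemProductName": "20XW",
    },
    GEO_KEY: {GEO_VALUE: "203"},  # Russia
}

if __name__ == "__main__":
    for label, snap in (("vbox", SNAPSHOT_VBOX), ("bare-metal", SNAPSHOT_BARE_METAL)):
        print(label, would_run(snap))
```

The VirtualBox snapshot fails on both the ACPI and BIOS checks, which is why an unhardened VirtualBox sandbox often sees only the evasion and never the stealer's network traffic; the bare-metal snapshot passes those but is stopped by the geofence. To obtain a full detonation, a sandbox must clear every VM string from these keys and present a GeoID outside the excluded set.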