General
Target: 9a196db03378d5957629e16d07e48bb8cab8d86827f4faa0cd5249086eb2edf3
Size: 5.6MB
Sample: 220612-rjsxesahe8
MD5: 1fedc5c9e8b4b2654ebf558c1725f8dc
SHA1: c617ed64d780fd0403bb1229342e9cbe523b4bbc
SHA256: 9a196db03378d5957629e16d07e48bb8cab8d86827f4faa0cd5249086eb2edf3
SHA512: 0c1a1f1bdbdc0d5d80c7f2f9bf5f6fd3b94ae3a8ceca4654c2301e4d0457d38b1b470040f1515b039c4004171aef7f70771e356aef9a5ecde6132454ef6d124f
Static task: static1
Behavioral task: behavioral1
- Sample: 9a196db03378d5957629e16d07e48bb8cab8d86827f4faa0cd5249086eb2edf3.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 9a196db03378d5957629e16d07e48bb8cab8d86827f4faa0cd5249086eb2edf3.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: redline
- @whizzkid1
- 80.85.137.105:12734
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger (an anti-debugging technique: the calling thread is hidden from any attached debugger)