General
Target: b2008c255a7ec096e323066f647c9c218656a6c2e5c2e1189b58a45048dca4a0
Size: 2.1MB
Sample: 220625-lthxbafdcr
MD5: 1811f486ee61752b7bb204edc2a48ef4
SHA1: 651fd2262b47f6ab409d21a72093e83bee1cb9cd
SHA256: b2008c255a7ec096e323066f647c9c218656a6c2e5c2e1189b58a45048dca4a0
SHA512: 519ceebc8118a953f6380ad05346ffcd1fb7ae6f9f0f6d68ec5ab8c8b3174bce81aef8011a572ea8d8dc7ac932b042a34879bc5fef5ba51f7b2d460073b8b19e
Static task: static1
Behavioral task: behavioral1
Sample: b2008c255a7ec096e323066f647c9c218656a6c2e5c2e1189b58a45048dca4a0.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: b2008c255a7ec096e323066f647c9c218656a6c2e5c2e1189b58a45048dca4a0.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
redline
id19.04.20
185.248.102.232:5692
Targets
Target: b2008c255a7ec096e323066f647c9c218656a6c2e5c2e1189b58a45048dca4a0
Size: 2.1MB
MD5: 1811f486ee61752b7bb204edc2a48ef4
SHA1: 651fd2262b47f6ab409d21a72093e83bee1cb9cd
SHA256: b2008c255a7ec096e323066f647c9c218656a6c2e5c2e1189b58a45048dca4a0
SHA512: 519ceebc8118a953f6380ad05346ffcd1fb7ae6f9f0f6d68ec5ab8c8b3174bce81aef8011a572ea8d8dc7ac932b042a34879bc5fef5ba51f7b2d460073b8b19e
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger