General
Target: 84tor
Size: 2.4MB
Sample: 220626-fytlqaade5
MD5: f9ce2da9564db8c5f99ef2822669cdb2
SHA1: 89904ea89f5114567d7f5bda9a46414e80b9b8d1
SHA256: 0200431b94084f2b3509336ae5f27a034c8d93b8281d3a45e010299a051f2e8f
SHA512: 9fbb4bf21dc1c0c18a85a1fd346cba6b90e62a37424ddac8877939e1dad97062aee4327262c0632a94c072aef50a5f24803f391f8f47493b65a823083b3b04f7
Static task: static1
Behavioral task: behavioral1
Sample: 84tor.exe
Resource: win7-20220414-en
Malware Config
Extracted
redline
cheat
84.38.132.100:29934
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger