General
-
Target
3ede1f8a85e3b293a8eac1149953773d9271e7067a5236857d7528569b1db56d
-
Size
2.2MB
-
Sample
220701-e8kacseag6
-
MD5
ab36d5484657d700820485fbf083ee2e
-
SHA1
0eaa22b0bc5e9a4fb77a12c5704be85144cb815c
-
SHA256
3ede1f8a85e3b293a8eac1149953773d9271e7067a5236857d7528569b1db56d
-
SHA512
728d0d7c4859f1e828433076e0751a937b651f7b7cf4948ba16836aa36e9a143eeb2584c1edf9d21458b861d6c4a927409d4b1b0a318adae57e7337a34172b79
Static task
static1
Behavioral task
behavioral1
Sample
3ede1f8a85e3b293a8eac1149953773d9271e7067a5236857d7528569b1db56d.exe
Resource
win7-20220414-en
Malware Config
Extracted
redline
proliv11
144.76.183.53:63565
Targets
-
-
Target
3ede1f8a85e3b293a8eac1149953773d9271e7067a5236857d7528569b1db56d
-
Size
2.2MB
-
MD5
ab36d5484657d700820485fbf083ee2e
-
SHA1
0eaa22b0bc5e9a4fb77a12c5704be85144cb815c
-
SHA256
3ede1f8a85e3b293a8eac1149953773d9271e7067a5236857d7528569b1db56d
-
SHA512
728d0d7c4859f1e828433076e0751a937b651f7b7cf4948ba16836aa36e9a143eeb2584c1edf9d21458b861d6c4a927409d4b1b0a318adae57e7337a34172b79
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-