General
Target: 46845f7c914a0084996142ed6da24841684b228cf616566478132f4a2479823f
Size: 1.4MB
Sample: 220707-kfqvbshadq
MD5: 748cb1cd9aba85527b004417ff814c4d
SHA1: bbeddd65368053979cdef86d44ccccf239347819
SHA256: 46845f7c914a0084996142ed6da24841684b228cf616566478132f4a2479823f
SHA512: 5f71fba7b6caefa447d65c0284268d421b1952ac67319f082da4f935bc438f8ace6a675775d5fc8ae46ce8dbfb1bd1f949aa42f3ea6665d766c04fe6f245d938
Static task
static1

Behavioral task
behavioral1
Sample: 46845f7c914a0084996142ed6da24841684b228cf616566478132f4a2479823f.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: 46845f7c914a0084996142ed6da24841684b228cf616566478132f4a2479823f.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
redline
ddddd4
91.206.14.151:16764
auth_value: aca035896c58cf1d32837bf9302ebdc1
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Suspicious use of SetThreadContext