General
Target: 91e86e8c41c94156311c5c6aa35af12e625eac106d596c968afcc7492056acec
Size: 2.4MB
Sample: 220708-hy6mdseegp
MD5: 86815adf99d0c173d62e455627c1cd24
SHA1: b604cefa0bee92301f10e4fce9ca9bf100187274
SHA256: 91e86e8c41c94156311c5c6aa35af12e625eac106d596c968afcc7492056acec
SHA512: 23e239daa70d37cdadc5b56a7327e31d64478f4577c05687d019a82e239644eee32539a4e12f63a1fae1c91956ed33378555e6a58601475f00df37aef5a70878
Static task: static1
Behavioral task: behavioral1
Sample: 91e86e8c41c94156311c5c6aa35af12e625eac106d596c968afcc7492056acec.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: redline
Botnet: 3535
C2: 45.144.29.68:35200
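The extracted C2 endpoint is the one network indicator this report yields. The following is an added example, not part of the Triage report or of RedLine, showing how an analyst would hunt for it in Zeek-style conn.log records; the only value taken from the report is 45.144.29.68:35200, and the log lines are constructed for illustration rather than captured traffic.

```python
"""Added example (not from the Triage report or RedLine itself): hunt for the
extracted RedLine C2 endpoint in Zeek-style conn.log records.

The only indicator taken from the report is 45.144.29.68:35200; the log
records below are constructed for illustration, not captured traffic.
"""
from typing import Dict, List, Tuple

# C2 endpoint from the report's Malware Config section: host -> port
REDLINE_C2: Dict[str, int] = {"45.144.29.68": 35200}

# Constructed conn.log excerpt in Zeek TSV layout with a #fields header.
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tconn_state\n"
    "1657286401.123\tCa1\t10.0.0.15\t49812\t45.144.29.68\t35200\ttcp\t-\tSF\n"
    "1657286402.456\tCa2\t10.0.0.15\t49813\t142.250.74.78\t443\ttcp\tssl\tSF\n"
    "1657286403.789\tCa3\t10.0.0.22\t51000\t45.144.29.68\t80\ttcp\thttp\tSF\n"
    "#close\t2022-07-08-14-00-03\n"
)


def parse_conn_log(text: str) -> List[Dict[str, str]]:
    """Parse a Zeek TSV log into dicts keyed by the names in the #fields line."""
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue  # other directives (#separator, #close, ...) and blank lines
        values = line.split("\t")
        if len(values) != len(fields):
            continue  # truncated or malformed row: skip rather than misalign columns
        records.append(dict(zip(fields, values)))
    return records


def hunt_c2(text: str, c2: Dict[str, int] = REDLINE_C2) -> List[Tuple[str, str, str]]:
    """Return (uid, orig_h, confidence) for connections that touch the C2 host.

    An exact host+port match is "high"; the same host on another port is
    "medium", because the config names one port but operators move ports.
    """
    hits: List[Tuple[str, str, str]] = []
    for rec in parse_conn_log(text):
        host = rec.get("id.resp_h")
        if host not in c2:
            continue
        try:
            port = int(rec.get("id.resp_p", ""))
        except ValueError:
            continue  # non-numeric port field (e.g. "-"); cannot grade it
        confidence = "high" if port == c2[host] else "medium"
        hits.append((rec["uid"], rec["id.orig_h"], confidence))
    return hits


if __name__ == "__main__":
    for uid, src, conf in hunt_c2(SAMPLE_CONN_LOG):
        print(f"{uid}\t{src}\t{conf}")
```

Feed a real conn.log to `hunt_c2` and pivot on the returned `uid` values to pull the matching flows; the medium-confidence tier keeps the host in view if the operator has rotated the port since the sample was configured.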
Targets
Target: 91e86e8c41c94156311c5c6aa35af12e625eac106d596c968afcc7492056acec
Size: 2.4MB
MD5: 86815adf99d0c173d62e455627c1cd24
SHA1: b604cefa0bee92301f10e4fce9ca9bf100187274
SHA256: 91e86e8c41c94156311c5c6aa35af12e625eac106d596c968afcc7492056acec
SHA512: 23e239daa70d37cdadc5b56a7327e31d64478f4577c05687d019a82e239644eee32539a4e12f63a1fae1c91956ed33378555e6a58601475f00df37aef5a70878
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from delivering debug events to an attached debugger, a common anti-debugging technique.
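The two registry signatures above (ACPI values and BIOS information) describe the same family of check: read hardware-description keys under HKLM\HARDWARE and look for hypervisor names. The following is an added example, not code from the report or from the sample, that classifies registry snapshots for such identifiers; it is useful both for understanding what the sample is looking for and for checking whether a sandbox image would trip it. The report names the keys only by category, so the concrete values (innotek GmbH, VBOX__, VMware and so on) are well-known hypervisor identifiers assumed here, not values the report says this sample reads, and both snapshots are constructed.

```python
"""Added example (not from the report or the sample): classify registry values
for the hypervisor identifiers that anti-VM checks of the kind flagged above
look for. The concrete markers are well-known VirtualBox/VMware strings assumed
here, not values the report attributes to this sample. Snapshots are constructed.
"""
import sys
from typing import Dict, List, Tuple

BIOS_KEY = r"HARDWARE\DESCRIPTION\System\BIOS"
SYSTEM_KEY = r"HARDWARE\DESCRIPTION\System"
ACPI_TABLES = [r"HARDWARE\ACPI\DSDT", r"HARDWARE\ACPI\FADT", r"HARDWARE\ACPI\RSDT"]

# Case-insensitive substrings that identify a hypervisor in names or data.
VM_MARKERS = ("vbox", "virtualbox", "innotek", "vmware", "qemu", "bochs", "xen")

Snapshot = Dict[str, Dict[str, str]]  # key path -> {value name or subkey name -> data}

# Constructed snapshots, not taken from real machines.
VIRTUALBOX_SNAPSHOT: Snapshot = {
    BIOS_KEY: {"SystemManufacturer": "innotek GmbH", "SystemProductName": "VirtualBox",
               "BIOSVendor": "innotek GmbH", "BIOSVersion": "VirtualBox"},
    SYSTEM_KEY: {"SystemBiosVersion": "VBOX   - 1",
                 "VideoBiosVersion": "Oracle VM VirtualBox VBE Adapter"},
    r"HARDWARE\ACPI\DSDT": {"VBOX__": ""},   # ACPI table OEM ID appears as a subkey name
    r"HARDWARE\ACPI\FADT": {"VBOX__": ""},
    r"HARDWARE\ACPI\RSDT": {"VBOX__": ""},
}
BARE_METAL_SNAPSHOT: Snapshot = {
    BIOS_KEY: {"SystemManufacturer": "Dell Inc.", "SystemProductName": "Latitude 7420",
               "BIOSVendor": "Dell Inc.", "BIOSVersion": "1.21.0"},
    SYSTEM_KEY: {"SystemBiosVersion": "DELL   - 1072009", "VideoBiosVersion": "Intel Video BIOS"},
    r"HARDWARE\ACPI\DSDT": {"DELL__": ""},
    r"HARDWARE\ACPI\FADT": {"DELL__": ""},
    r"HARDWARE\ACPI\RSDT": {"DELL__": ""},
}


def vm_indicators(snapshot: Snapshot) -> List[Tuple[str, str, str]]:
    """Return (key, name, data) triples whose name or data contains a VM marker."""
    hits: List[Tuple[str, str, str]] = []
    for key, entries in snapshot.items():
        for name, data in entries.items():
            haystack = f"{name} {data}".lower()
            if any(marker in haystack for marker in VM_MARKERS):
                hits.append((key, name, data))
    return hits


def looks_virtual(snapshot: Snapshot) -> bool:
    """True if any checked key carries a hypervisor identifier."""
    return bool(vm_indicators(snapshot))


def collect_live() -> Snapshot:
    """Read the same keys from the local registry. Windows only; assumes the
    default read access to HKLM\\HARDWARE that any user has."""
    if sys.platform != "win32":
        raise RuntimeError("live collection needs the Windows registry")
    import winreg  # imported here so the module still loads elsewhere
    snap: Snapshot = {}
    wanted = ((BIOS_KEY, ("SystemManufacturer", "SystemProductName", "BIOSVendor", "BIOSVersion")),
              (SYSTEM_KEY, ("SystemBiosVersion", "VideoBiosVersion")))
    for key, names in wanted:
        snap[key] = {}
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as handle:
            for name in names:
                try:
                    data, _ = winreg.QueryValueEx(handle, name)
                except FileNotFoundError:
                    continue  # value absent on this build
                # REG_MULTI_SZ values (SystemBiosVersion) come back as lists
                snap[key][name] = " ".join(data) if isinstance(data, list) else str(data)
    for key in ACPI_TABLES:
        snap[key] = {}
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as handle:
                index = 0
                while True:  # EnumKey raises OSError once no subkeys remain
                    snap[key][winreg.EnumKey(handle, index)] = ""
                    index += 1
        except OSError:
            pass  # end of enumeration, or the table key is missing
    return snap


if __name__ == "__main__":
    snap = collect_live() if sys.platform == "win32" else VIRTUALBOX_SNAPSHOT
    for key, name, data in vm_indicators(snap):
        print(f"{key}\\{name} = {data!r}")
```

Run on a sandbox guest, a non-empty result lists exactly the values a sample like this one can use to detect the environment, which is also the list of values to patch when hardening the image; an empty result on the bare-metal snapshot shows the checks are specific rather than matching any OEM string.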