General
-
Target
031e911ba53a0de18683a123fc3990141dd55c0712de3bc612c045b80df2d6f6
-
Size
4.3MB
-
Sample
220708-k2hqvaceh9
-
MD5
ba17639dd3bb526fc369621d8ed73e2b
-
SHA1
07cbc68938a57fb2bdd3c80de273df0f752f3bdb
-
SHA256
031e911ba53a0de18683a123fc3990141dd55c0712de3bc612c045b80df2d6f6
-
SHA512
7788c4859b4b6df79ac5895ebd51e4afc3c6567dcd0b417b78b63f7331cbc6547f45c547e73d573c87c08e27bac165e60df26eb3088730951e4ca1e773f750ce
Malware Config
Extracted
redline
01012021
95.217.250.25:3074
Targets
-
-
Target
031e911ba53a0de18683a123fc3990141dd55c0712de3bc612c045b80df2d6f6
-
Size
4.3MB
-
MD5
ba17639dd3bb526fc369621d8ed73e2b
-
SHA1
07cbc68938a57fb2bdd3c80de273df0f752f3bdb
-
SHA256
031e911ba53a0de18683a123fc3990141dd55c0712de3bc612c045b80df2d6f6
-
SHA512
7788c4859b4b6df79ac5895ebd51e4afc3c6567dcd0b417b78b63f7331cbc6547f45c547e73d573c87c08e27bac165e60df26eb3088730951e4ca1e773f750ce
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-