General
Target: 700d842449298f9aa1b8adc94699e4f695eb2943f270072bb6f9e32de8bcc723
Size: 3.9MB
Sample: 220708-kgtbvabeg7
MD5: a516952da7b6eaf4258fae3cd8220e6a
SHA1: 8394aef4d5283291c664a57a8648f71fbff913b9
SHA256: 700d842449298f9aa1b8adc94699e4f695eb2943f270072bb6f9e32de8bcc723
SHA512: d34deb2e71734fc7dd3007f40a56585acc336b3bd29b1ff451d390250f7b300a7981489720a9dfd6871a7121c632e579892545c7f9fd150845e1f6016a78a383
Static task: static1
Behavioral task: behavioral1
Sample: 700d842449298f9aa1b8adc94699e4f695eb2943f270072bb6f9e32de8bcc723.exe
Resource: win7-20220414-en
Malware Config
Extracted
redline
01012021
95.217.250.25:3074
Targets
Target: 700d842449298f9aa1b8adc94699e4f695eb2943f270072bb6f9e32de8bcc723
Size: 3.9MB
MD5: a516952da7b6eaf4258fae3cd8220e6a
SHA1: 8394aef4d5283291c664a57a8648f71fbff913b9
SHA256: 700d842449298f9aa1b8adc94699e4f695eb2943f270072bb6f9e32de8bcc723
SHA512: d34deb2e71734fc7dd3007f40a56585acc336b3bd29b1ff451d390250f7b300a7981489720a9dfd6871a7121c632e579892545c7f9fd150845e1f6016a78a383
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger