General
-
Target
7c290838403800a0ab463efa43ed7ba9c38b7ece1aa68ddd125a26eefedf5fca
-
Size
4.1MB
-
Sample
220708-shzt1sfbfl
-
MD5
956be8fd2f1c87c406c84ded0b45ce72
-
SHA1
5ae5d185585756f99448bd0f3410abd7a59bf557
-
SHA256
7c290838403800a0ab463efa43ed7ba9c38b7ece1aa68ddd125a26eefedf5fca
-
SHA512
e79f770e27f7638b4c7d27c6489f43a4af21b1b3ed6a8c71158e00cfd98f4f3cc7991ee464e8fac0a523e76dad243351e6ce4017eaf8f1fb6f862921a975c09a
Static task
static1
Behavioral task
behavioral1
Sample
7c290838403800a0ab463efa43ed7ba9c38b7ece1aa68ddd125a26eefedf5fca.exe
Resource
win7-20220414-en
Malware Config
Extracted
redline
01012021
95.217.250.25:3074
Targets
-
-
Target
7c290838403800a0ab463efa43ed7ba9c38b7ece1aa68ddd125a26eefedf5fca
-
Size
4.1MB
-
MD5
956be8fd2f1c87c406c84ded0b45ce72
-
SHA1
5ae5d185585756f99448bd0f3410abd7a59bf557
-
SHA256
7c290838403800a0ab463efa43ed7ba9c38b7ece1aa68ddd125a26eefedf5fca
-
SHA512
e79f770e27f7638b4c7d27c6489f43a4af21b1b3ed6a8c71158e00cfd98f4f3cc7991ee464e8fac0a523e76dad243351e6ce4017eaf8f1fb6f862921a975c09a
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-