General
-
Target
c3082a6056417f1f60aa37f5ad223fd7ea7d5d1884f74b38dcfe4f50ddc61e99
-
Size
2.3MB
-
Sample
220708-vfqjnsddf5
-
MD5
bf9c904c2931de5d812ddbc138b3c4ab
-
SHA1
4a0838a7ab0138180a25315c1e415912586e191b
-
SHA256
c3082a6056417f1f60aa37f5ad223fd7ea7d5d1884f74b38dcfe4f50ddc61e99
-
SHA512
84f8060db1ad90eafcec7b058018733981d3477c750bed89deaf5a5a9e56c906dfc49a95c88fa9f9ea8b6a9790b9561f7dd4026fda14e02622e8a9f45c8adcc5
Static task
static1
Behavioral task
behavioral1
Sample
c3082a6056417f1f60aa37f5ad223fd7ea7d5d1884f74b38dcfe4f50ddc61e99.exe
Resource
win7-20220414-en
Malware Config
Extracted
redline
3.01.1222
188.241.39.163:45250
Targets
-
-
Target
c3082a6056417f1f60aa37f5ad223fd7ea7d5d1884f74b38dcfe4f50ddc61e99
-
Size
2.3MB
-
MD5
bf9c904c2931de5d812ddbc138b3c4ab
-
SHA1
4a0838a7ab0138180a25315c1e415912586e191b
-
SHA256
c3082a6056417f1f60aa37f5ad223fd7ea7d5d1884f74b38dcfe4f50ddc61e99
-
SHA512
84f8060db1ad90eafcec7b058018733981d3477c750bed89deaf5a5a9e56c906dfc49a95c88fa9f9ea8b6a9790b9561f7dd4026fda14e02622e8a9f45c8adcc5
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-