General
-
Target
6fc576d66d4c61354667b33fecfa1674b6d7f92cc4df6789ea07f9ecb14f3de0
-
Size
2.5MB
-
Sample
220708-wzkyzaeabj
-
MD5
f29369a72e33a2da7b08887bf0252958
-
SHA1
74e6cc68ce1aa40661c8fe576280707112aedf5f
-
SHA256
6fc576d66d4c61354667b33fecfa1674b6d7f92cc4df6789ea07f9ecb14f3de0
-
SHA512
c657013a482517cd29f768545c7e5dff43c3137213192eeb99a83f20a219e8149e257e92822bf1699c3388904f3ddac565b5f04628357d1f13e0fda286bb3232
Static task
static1
Behavioral task
behavioral1
Sample
6fc576d66d4c61354667b33fecfa1674b6d7f92cc4df6789ea07f9ecb14f3de0.exe
Resource
win7-20220414-en
Malware Config
Extracted
redline
31.12.111
188.241.39.163:45250
Targets
-
-
Target
6fc576d66d4c61354667b33fecfa1674b6d7f92cc4df6789ea07f9ecb14f3de0
-
Size
2.5MB
-
MD5
f29369a72e33a2da7b08887bf0252958
-
SHA1
74e6cc68ce1aa40661c8fe576280707112aedf5f
-
SHA256
6fc576d66d4c61354667b33fecfa1674b6d7f92cc4df6789ea07f9ecb14f3de0
-
SHA512
c657013a482517cd29f768545c7e5dff43c3137213192eeb99a83f20a219e8149e257e92822bf1699c3388904f3ddac565b5f04628357d1f13e0fda286bb3232
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-