General
Target: 473b161ab7fd8802a33d016898f513b190f4e238fcf652755900a182a44a28b7
Size: 5.4MB
Sample: 220714-h6v6macbam
MD5: e3d6dc87f0151a02413405cf24679168
SHA1: 536c88ef259f430f9982159344878c714408aab0
SHA256: 473b161ab7fd8802a33d016898f513b190f4e238fcf652755900a182a44a28b7
SHA512: 82d3dadcc267e0f5f9f31ade49084cc7b56ffc80861d7b124cb6e2e4ec64eceff7d6b02dd6117a342e3bff5045e66a38cae4a940ce6f3c7c6ee4cd90bb81f855
Static task: static1

Behavioral task: behavioral1
Sample: 473b161ab7fd8802a33d016898f513b190f4e238fcf652755900a182a44a28b7.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 473b161ab7fd8802a33d016898f513b190f4e238fcf652755900a182a44a28b7.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: redline
Botnet: @whizzkid1
C2: 185.215.113.83:60722
auth_value: ff9f6167737e6e2ab682ab9de72ded7d
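The extracted C2 is the most directly actionable artefact in this report, since the sample's registry reads are not something normal event logging will show. The following is an added example, not code from the Triage report or from the RedLine sample: it takes the C2 host, port and botnet tag from the config above, parses a constructed Zeek conn.log excerpt (default tab-separated layout, not real traffic), separates confirmed host:port sessions from weaker same-IP hits on other ports, and emits a Suricata rule whose sid is a placeholder in the local range.

```python
"""Turn the C2 extracted from this report into detection logic.

Added example, not code from the report or from the sample. C2_HOST, C2_PORT
and BOTNET are the values shown in the extracted config; CONN_LOG is a
constructed Zeek conn.log excerpt and does not represent real traffic.
"""

C2_HOST = "185.215.113.83"   # from the extracted config
C2_PORT = 60722              # from the extracted config
BOTNET = "@whizzkid1"        # from the extracted config

# Constructed conn.log excerpt (Zeek default columns, subset).
CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\n"
    "1657785601.1\tCabc1\t10.0.0.15\t49731\t142.250.74.206\t443\ttcp\tssl\n"
    "1657785602.4\tCabc2\t10.0.0.15\t49732\t185.215.113.83\t60722\ttcp\t-\n"
    "1657785603.0\tCabc3\t10.0.0.22\t51022\t185.215.113.83\t443\ttcp\tssl\n"
    "1657785604.9\tCabc4\t10.0.0.15\t49733\t185.215.113.83\t60722\ttcp\t-\n"
)


def parse_conn_log(text):
    """Parse a Zeek conn.log excerpt into dicts keyed by its #fields header."""
    fields = None
    records = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue  # other comment lines (#separator, #close, ...) and blanks
        else:
            if fields is None:
                raise ValueError("conn.log has no #fields header")
            records.append(dict(zip(fields, line.split("\t"))))
    return records


def find_c2_sessions(records, host=C2_HOST, port=C2_PORT):
    """Split sessions to the C2 IP into (exact, host_only).

    exact:     sessions to host:port, the pair the config ties to this sample
    host_only: sessions to the same IP on another port; worth a look, but the
               IP may host unrelated services, so this is weaker evidence
    """
    exact, host_only = [], []
    for r in records:
        if r.get("id.resp_h") != host:
            continue
        if int(r["id.resp_p"]) == port:
            exact.append((r["uid"], r["id.orig_h"]))
        else:
            host_only.append((r["uid"], r["id.orig_h"]))
    return exact, host_only


def infected_hosts(records, host=C2_HOST, port=C2_PORT):
    """Distinct internal hosts with a confirmed C2 session (isolate these)."""
    exact, _ = find_c2_sessions(records, host, port)
    return sorted({orig for _, orig in exact})


def suricata_rule(host=C2_HOST, port=C2_PORT, sid=1000001):
    """Suricata rule for the C2; sid is a placeholder in the local (1000000+) range."""
    return (f"alert tcp $HOME_NET any -> {host} {port} "
            f'(msg:"RedLine C2 {host}:{port} botnet {BOTNET}"; '
            f"flow:to_server; sid:{sid}; rev:1;)")


if __name__ == "__main__":
    recs = parse_conn_log(CONN_LOG)
    exact, weak = find_c2_sessions(recs)
    print("confirmed C2 sessions:", exact)
    print("same IP, other port:", weak)
    print("hosts to isolate:", infected_hosts(recs))
    print(suricata_rule())
```

The host-only bucket matters in practice: 185.215.113.83 may serve other tenants, so a session to it on 443 is a lead, not a confirmed infection, while a session to port 60722 matches the extracted config exactly.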
Targets

Target: 473b161ab7fd8802a33d016898f513b190f4e238fcf652755900a182a44a28b7
Size: 5.4MB
MD5, SHA1, SHA256, SHA512: as listed under General
Score: 10/10
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  A stock VirtualBox guest exposes its OEM ID (VBOX__) in the ACPI table keys under HKLM\HARDWARE\ACPI, so reading them is a cheap way to tell a VirtualBox sandbox from a physical host.
- Checks BIOS information in registry
  BIOS information (HKLM\HARDWARE\DESCRIPTION\System\BIOS) is often read in order to detect sandboxing environments, since hypervisors place their own vendor and product strings there.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger class (0x11) stops the thread from delivering debug events to an attached debugger, so a breakpoint or exception in that thread terminates the process instead of breaking in.
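Both the ACPI and the BIOS signature describe registry reads, which Sysmon and the Windows event log do not record, so the practical response is to make sure the sandbox image does not expose the strings being looked for. The following is an added example, not code from the report or from the sample: the report does not show which values the sample compares, so the key paths and the "vbox", "virtualbox" and "innotek" markers below are the standard locations such checks use and are assumed here; the two registry snapshots are constructed, one resembling a stock VirtualBox guest and one a sanitised image. On Windows the same classifier can be run against the live registry via winreg.

```python
"""Reproduce the VirtualBox checks the report flags, to verify a sandbox image.

Added example, not code from the report or from the sample. Key paths and
marker strings are assumed (standard locations for this kind of check), not
taken from the sample. STOCK_VBOX and SANITISED are constructed snapshots.
"""
import sys

BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System\BIOS"
ACPI_KEYS = (r"HKLM\HARDWARE\ACPI\DSDT", r"HKLM\HARDWARE\ACPI\FADT", r"HKLM\HARDWARE\ACPI\RSDT")
BIOS_VALUES = ("SystemManufacturer", "SystemProductName", "BIOSVendor", "BIOSVersion", "SystemFamily")
VBOX_MARKERS = ("vbox", "virtualbox", "innotek")  # strings a stock VirtualBox guest exposes

# Constructed snapshots: BIOS key -> {value name: data}; ACPI key -> [OEM ID subkeys]
STOCK_VBOX = {
    BIOS_KEY: {"SystemManufacturer": "innotek GmbH", "SystemProductName": "VirtualBox",
               "BIOSVendor": "innotek GmbH", "BIOSVersion": "VirtualBox"},
    ACPI_KEYS[0]: ["VBOX__"], ACPI_KEYS[1]: ["VBOX__"], ACPI_KEYS[2]: ["VBOX__"],
}
SANITISED = {
    BIOS_KEY: {"SystemManufacturer": "Dell Inc.", "SystemProductName": "OptiPlex 7080",
               "BIOSVendor": "Dell Inc.", "BIOSVersion": "1.4.2"},
    ACPI_KEYS[0]: ["DELL__"], ACPI_KEYS[1]: ["DELL__"], ACPI_KEYS[2]: ["DELL__"],
}


def vm_indicators(snapshot):
    """Return the registry locations in `snapshot` that would give away VirtualBox.

    Mirrors the two signatures: BIOS vendor/product strings under BIOS_KEY and
    the OEM ID subkeys under the ACPI table keys. An empty list means none of
    the assumed markers are present.
    """
    hits = []
    bios = snapshot.get(BIOS_KEY, {})
    for name in BIOS_VALUES:
        data = bios.get(name, "")
        if any(m in data.lower() for m in VBOX_MARKERS):
            hits.append(f"{BIOS_KEY}\\{name} = {data!r}")
    for key in ACPI_KEYS:
        for sub in snapshot.get(key, []):
            if any(m in sub.lower() for m in VBOX_MARKERS):
                hits.append(f"{key}\\{sub}")
    return hits


def read_live_snapshot():
    """Collect the same keys from the running host; Windows only (uses winreg)."""
    import winreg
    snap = {}
    vals = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"HARDWARE\DESCRIPTION\System\BIOS") as k:
        for name in BIOS_VALUES:
            try:
                vals[name] = str(winreg.QueryValueEx(k, name)[0])
            except FileNotFoundError:
                pass  # value absent on this Windows build
    snap[BIOS_KEY] = vals
    for key in ACPI_KEYS:
        subkeys = []
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key[len("HKLM\\"):]) as k:
                i = 0
                while True:
                    try:
                        subkeys.append(winreg.EnumKey(k, i))
                        i += 1
                    except OSError:
                        break  # no more subkeys
        except FileNotFoundError:
            pass  # table not exposed on this host
        snap[key] = subkeys
    return snap


if __name__ == "__main__":
    print("stock VirtualBox guest:", vm_indicators(STOCK_VBOX))
    print("sanitised image:", vm_indicators(SANITISED))
    if sys.platform == "win32":
        print("this host:", vm_indicators(read_live_snapshot()))
```

The BIOS strings can be changed from the host with VBoxManage setextradata using the VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVendor, DmiSystemVendor and DmiSystemProduct keys; re-run the classifier on the live registry afterwards, since a single leftover "innotek" or "VBOX__" is enough for a check like the one the report describes.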