General
-
Target
52b848abe5f067ac4822925b859d8f58cd416a3ec8dd6457aaafae794632ba1c
-
Size
1.4MB
-
Sample
220717-ckf7pabfc8
-
MD5
b630bd574756df49465fe6d7fb41e7d3
-
SHA1
628dd252c4a5e611093e722166e65c1d9ca55a80
-
SHA256
52b848abe5f067ac4822925b859d8f58cd416a3ec8dd6457aaafae794632ba1c
-
SHA512
e1b10edc631ff4650bc6a930e8ac30e9c02197997a22ce84e905d3c1a77e0bdb18afa78236a6e5840bf23cd1723920dd1aad96abea2a3afdf6aca2a82d10524d
Static task
static1
Behavioral task
behavioral1
Sample
52b848abe5f067ac4822925b859d8f58cd416a3ec8dd6457aaafae794632ba1c.exe
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
52b848abe5f067ac4822925b859d8f58cd416a3ec8dd6457aaafae794632ba1c.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
redline
@JABKA9983
92.255.85.137:41320
-
auth_value
507a0c408947972b94cf44475f601269
Targets
-
-
Target
52b848abe5f067ac4822925b859d8f58cd416a3ec8dd6457aaafae794632ba1c
-
Size
1.4MB
-
MD5
b630bd574756df49465fe6d7fb41e7d3
-
SHA1
628dd252c4a5e611093e722166e65c1d9ca55a80
-
SHA256
52b848abe5f067ac4822925b859d8f58cd416a3ec8dd6457aaafae794632ba1c
-
SHA512
e1b10edc631ff4650bc6a930e8ac30e9c02197997a22ce84e905d3c1a77e0bdb18afa78236a6e5840bf23cd1723920dd1aad96abea2a3afdf6aca2a82d10524d
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-