General
-
Target
Setup.exe
-
Size
2.3MB
-
Sample
220725-qvrm3aeegm
-
MD5
1a77a27e668ff5f33dce91195654eac7
-
SHA1
548ba4ca97a1beb75e81ac0a7ad4a72a77e70e2f
-
SHA256
d8e63e9274c2bf3cf91802566a9633ac6b4bb50707e71047eecf8e15d61cc5ff
-
SHA512
5048415febfd8602a739b69e37d89c3d66553b72642320c44af1ac8073877d65488f04d19653f01db94df1e6f9d0a36d153f78510ce63df49b1a9aafc6152c77
Malware Config
Extracted
redline
@Ifeelallemptyinside
51.254.187.177:3705
Targets
-
-
Target
Setup.exe
-
Size
2.3MB
-
MD5
1a77a27e668ff5f33dce91195654eac7
-
SHA1
548ba4ca97a1beb75e81ac0a7ad4a72a77e70e2f
-
SHA256
d8e63e9274c2bf3cf91802566a9633ac6b4bb50707e71047eecf8e15d61cc5ff
-
SHA512
5048415febfd8602a739b69e37d89c3d66553b72642320c44af1ac8073877d65488f04d19653f01db94df1e6f9d0a36d153f78510ce63df49b1a9aafc6152c77
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-