General
Target: 28d7cca01dae0162d67415cd1cbef77d4c5fab01f33040011947d25771326495
Size: 173KB
Sample: 220921-3z9qnacher
MD5: 958b3849df777d319a0d2fb998acae59
SHA1: aa53c0899526475aa6c938b8eb0c154b4393a641
SHA256: 28d7cca01dae0162d67415cd1cbef77d4c5fab01f33040011947d25771326495
SHA512: c29c509bd7875ee4e81d2fdea3e79feff878a0be38d7f0fe84251f47f1704cdd99f10516c5059160545a53a6d83bd1b723c8fea8743c324147993e47f9b11add
SSDEEP: 3072:zU0LzJ/xM5k8W0XlrCkmR9b/pBi8ABgcR/Pk9Dn:7LzHmW+CxR9G8w
Static task: static1
Behavioral task: behavioral1
Sample: 28d7cca01dae0162d67415cd1cbef77d4c5fab01f33040011947d25771326495.exe
Resource: win10-20220901-en
Malware Config
Extracted family: redline
Botnet: LogsDiller Cloud (Sup: @mr_golds)
C2: 77.73.134.27:8163
auth_value: 56c6f7b9024c076f0a96931453da7e56
Targets
Target: 28d7cca01dae0162d67415cd1cbef77d4c5fab01f33040011947d25771326495
Size: 173KB
MD5: 958b3849df777d319a0d2fb998acae59
SHA1: aa53c0899526475aa6c938b8eb0c154b4393a641
SHA256: 28d7cca01dae0162d67415cd1cbef77d4c5fab01f33040011947d25771326495
SHA512: c29c509bd7875ee4e81d2fdea3e79feff878a0be38d7f0fe84251f47f1704cdd99f10516c5059160545a53a6d83bd1b723c8fea8743c324147993e47f9b11add
SSDEEP: 3072:zU0LzJ/xM5k8W0XlrCkmR9b/pBi8ABgcR/Pk9Dn:7LzHmW+CxR9G8w
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext