General
-
Target
452a8d5f7cab2edc1e7071ee5b336c33c43fe002033f7734d0ce8170ddf36380
-
Size
163KB
-
Sample
221117-1rw4gsbh4t
-
MD5
9e8f925203107e007f6f5aa0e580ca22
-
SHA1
6a84b8fb2cafd94bb763cbde37b15498cd042b5d
-
SHA256
452a8d5f7cab2edc1e7071ee5b336c33c43fe002033f7734d0ce8170ddf36380
-
SHA512
618eb0b2436728b9f331f1265f5e493ca166d44c5fe8decbb7d862c76a47fb1b01e7cd99219e01540367060c0b79c988d7dec79dbe25e0fe965fd92df85ccd35
-
SSDEEP
3072:rTr+dI/pWrUus548z9oaOpqVvqsTpfngCVG:rn4cSUq/AJg
Static task
static1
Malware Config
Extracted
redline
5m
chardhesha.xyz:81
jalocliche.xyz:81
-
auth_value
7c8e8b4b3a28fd1de43f43277f38b9e3
Extracted
vidar
55.7
1827
https://t.me/deadftx
https://www.ultimate-guitar.com/u/smbfupkuhrgc1
-
profile_id
1827
Extracted
redline
New2022
185.106.92.111:2510
-
auth_value
ef6fe7baf59e3191ff2f569e3bf0e2c7
Targets
-
-
Target
452a8d5f7cab2edc1e7071ee5b336c33c43fe002033f7734d0ce8170ddf36380
-
Size
163KB
-
MD5
9e8f925203107e007f6f5aa0e580ca22
-
SHA1
6a84b8fb2cafd94bb763cbde37b15498cd042b5d
-
SHA256
452a8d5f7cab2edc1e7071ee5b336c33c43fe002033f7734d0ce8170ddf36380
-
SHA512
618eb0b2436728b9f331f1265f5e493ca166d44c5fe8decbb7d862c76a47fb1b01e7cd99219e01540367060c0b79c988d7dec79dbe25e0fe965fd92df85ccd35
-
SSDEEP
3072:rTr+dI/pWrUus548z9oaOpqVvqsTpfngCVG:rn4cSUq/AJg
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-