General
-
Target
c04ee69d4859dae239a6f55a89ebc3ccc181559bbec2f72b46272d6dd65ad271
-
Size
2.2MB
-
Sample
221125-kfcygadg92
-
MD5
9b0d8b795f61f7472524745ff96ad886
-
SHA1
dbfac57f36694902a31d520f102dd0235c3729e5
-
SHA256
c04ee69d4859dae239a6f55a89ebc3ccc181559bbec2f72b46272d6dd65ad271
-
SHA512
2d1486ce1caff139f908bf05099b74d78eefda8872601da1afbef8da36101cdfd48f37a446cfa3fb9e009591aae36c8338501d3af7d3098b940ab2f456493fde
-
SSDEEP
49152:UFhW825qH16UG7elCh8civUALsBclbqJQHguIry1PRnDBRS/:UFo82qVPrPLsMbqJQsQDB
Behavioral task
behavioral1
Sample
c04ee69d4859dae239a6f55a89ebc3ccc181559bbec2f72b46272d6dd65ad271.exe
Resource
win7-20220901-en
Malware Config
Extracted
redline
11
188.119.113.153:81
Targets
-
-
Target
c04ee69d4859dae239a6f55a89ebc3ccc181559bbec2f72b46272d6dd65ad271
-
Size
2.2MB
-
MD5
9b0d8b795f61f7472524745ff96ad886
-
SHA1
dbfac57f36694902a31d520f102dd0235c3729e5
-
SHA256
c04ee69d4859dae239a6f55a89ebc3ccc181559bbec2f72b46272d6dd65ad271
-
SHA512
2d1486ce1caff139f908bf05099b74d78eefda8872601da1afbef8da36101cdfd48f37a446cfa3fb9e009591aae36c8338501d3af7d3098b940ab2f456493fde
-
SSDEEP
49152:UFhW825qH16UG7elCh8civUALsBclbqJQHguIry1PRnDBRS/:UFo82qVPrPLsMbqJQsQDB
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-