General
- Target: 3889fb0984883bfa7159ba2d8693194120d5e80e0673ca6e5950fdda54dae3e3
- Size: 2.4MB
- Sample: 221130-qtte9seb92
- MD5: 87bd5a17b44f7596e7c51dc18d5e512a
- SHA1: 5e4b5e5310fd399513c4e718a374f716d4a2aae9
- SHA256: 3889fb0984883bfa7159ba2d8693194120d5e80e0673ca6e5950fdda54dae3e3
- SHA512: 7cd5b7b1dff4ab64aa5331af73e345cbcb3a1e9b7d718bd8d91986b7c2d7bbc96deb97c47eb119b1662632e5be37cc70c896aed704bba34a83c4629e85690100
- SSDEEP: 49152:35HgdzzCYIDYQlJqCHKaN7pjHLV4mN5sbSjsen0X6tIO:35Ad3QNDKgV4W9jJ0X6b
Behavioral task: behavioral1
- Sample: 3889fb0984883bfa7159ba2d8693194120d5e80e0673ca6e5950fdda54dae3e3.exe
- Resource: win7-20221111-en
Malware Config
- Extracted: redline, main, 185.180.231.94:3214
Targets
- Target: 3889fb0984883bfa7159ba2d8693194120d5e80e0673ca6e5950fdda54dae3e3
- Size: 2.4MB
- MD5: 87bd5a17b44f7596e7c51dc18d5e512a
- SHA1: 5e4b5e5310fd399513c4e718a374f716d4a2aae9
- SHA256: 3889fb0984883bfa7159ba2d8693194120d5e80e0673ca6e5950fdda54dae3e3
- SHA512: 7cd5b7b1dff4ab64aa5331af73e345cbcb3a1e9b7d718bd8d91986b7c2d7bbc96deb97c47eb119b1662632e5be37cc70c896aed704bba34a83c4629e85690100
- SSDEEP: 49152:35HgdzzCYIDYQlJqCHKaN7pjHLV4mN5sbSjsen0X6tIO:35Ad3QNDKgV4W9jJ0X6b
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger