General
- Target: file.exe
- Size: 2.9MB
- Sample: 221205-l83v2adf9v
- MD5: 1e46438f13693aaa0f35a0c796d60c61
- SHA1: a4cfbb31c87c7368554a5081157382bedded6551
- SHA256: 97df47266aba1d8e7c70c88c8bf0851a53579dfac7d2bb6545ca85e809bbf1c6
- SHA512: b0348e5f8962261a64130208c86321afebaff4fe1b1cb2b164a8bc35dca73ecfaaf7d2348865bee88233f3feeff3deb2884f23e86c66ee88270f55c6252c4778
- SSDEEP: 49152:zgVPqtIzOYelWFO5zKLV/28K6gCCLP8FL5A3mACFkHtNX6GB4I7pvIOSA:z4PSInelcYwVVK677DkHLXlB4CIPA
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20220901-en
Malware Config
Extracted: redline
- Install: manddarinn.art:81
- auth_value: f9affed97251c08e7a096257ba9edfb2
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext