General

Target: 7d8600d5b4bcd5e353b0eff070275d17beb110a12fcd518a1b99d13edf96e4f8
Size: 378KB
Sample: 221206-n5qgmsac6w
MD5: 8b9827570321a0758ed35c59c0f23d76
SHA1: b9f0c0070b0502f0e532c5d336179b0622911448
SHA256: 7d8600d5b4bcd5e353b0eff070275d17beb110a12fcd518a1b99d13edf96e4f8
SHA512: 0cff9065057c6bb545f89a8d761fd5a59a30964189693051202df725b341745a5bc6ab6f3d6c343e6205f4dc2f3d36ed6fefbdc523faf44c1329284382a1d61c
SSDEEP: 6144:XV1yABL34ml/b2chs5prNl99wAnF2yigD10P0cBlwPMk:Xby8j4ml/ScuhJF2yzD1Y04l

Static task: static1
Behavioral task: behavioral1
Sample: 7d8600d5b4bcd5e353b0eff070275d17beb110a12fcd518a1b99d13edf96e4f8.exe
Resource: win10v2004-20220901-en
Malware Config

Extracted family: redline
Botnet: YT
C2: 65.21.5.58:48811
auth_value: fb878dde7f3b4ad1e1bc26d24db36d28
Targets

Target: 7d8600d5b4bcd5e353b0eff070275d17beb110a12fcd518a1b99d13edf96e4f8
Signatures

- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger: calling NtSetInformationThread with the ThreadHideFromDebugger class (0x11) stops the calling thread from delivering debug events to an attached debugger, a common anti-debugging step.
- Suspicious use of SetThreadContext: rewriting another thread's register context is the usual way execution is redirected in process hollowing and thread hijacking, and is rarely needed by benign software.
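To turn these signatures into something that can be run against your own telemetry, here is an added example (it is not part of the sandbox report and not RedLine's own code): a small Python triage that matches the report's file hashes and C2 address and flags the anti-VM registry probes, the ThreadHideFromDebugger call, an unexpected vbc.exe spawn and a cross-process SetThreadContext over constructed EDR-style events. The specific registry paths, the reading of "VBS compiler" as vbc.exe, the BUILD_TOOLS allowlist and the events at the bottom are assumptions, not values taken from the report.

```python
"""Hunt for this report's indicators over constructed EDR-style telemetry.

Added example for this page; it is not part of the sandbox report and not
RedLine's own code. The file hashes and C2 come from the report above; the
registry paths, API names, process names and the events at the bottom are
assumptions or constructed test data, as marked.
"""
import hashlib
from collections import defaultdict
from typing import Iterable

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "8b9827570321a0758ed35c59c0f23d76",
    "sha1": "b9f0c0070b0502f0e532c5d336179b0622911448",
    "sha256": "7d8600d5b4bcd5e353b0eff070275d17beb110a12fcd518a1b99d13edf96e4f8",
}
C2_ADDRESS = ("65.21.5.58", 48811)

# Registry paths behind "Identifies VirtualBox via ACPI registry values" and
# "Checks BIOS information in registry": the VBOX__ ACPI table keys and the
# System BIOS version values. Assumed (standard anti-VM checks), not from the report.
VM_PROBE_PREFIXES = tuple(p.lower() for p in (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
))
THREAD_HIDE_FROM_DEBUGGER = 0x11  # ThreadInformationClass value for NtSetInformationThread
# Assumption: "Uses the VBS compiler for execution" means vbc.exe is started as an injection host.
INJECTION_HOST = "vbc.exe"
BUILD_TOOLS = {"msbuild.exe", "devenv.exe"}  # parents from which vbc.exe is expected


def matches_sample(data: bytes) -> bool:
    """True if a file's MD5, SHA1 and SHA256 all equal the report's hashes."""
    return all(hashlib.new(alg, data).hexdigest() == digest
               for alg, digest in SAMPLE_HASHES.items())


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(events: Iterable[dict]) -> dict[str, list[int]]:
    """Return rule name -> sorted PIDs that triggered it."""
    hits: dict[str, set[int]] = defaultdict(set)
    for ev in events:
        pid, kind = ev["pid"], ev["type"]
        if kind == "process_create":
            seen = {k.lower(): v.lower() for k, v in ev.get("hashes", {}).items()}
            if any(seen.get(alg) == digest for alg, digest in SAMPLE_HASHES.items()):
                hits["known_sample_hash"].add(pid)
            if (_basename(ev["image"]) == INJECTION_HOST
                    and _basename(ev["parent_image"]) not in BUILD_TOOLS):
                hits["unexpected_vbc_spawn"].add(pid)
        elif kind == "network_connect":
            if (ev["dst_ip"], ev["dst_port"]) == C2_ADDRESS:
                hits["redline_c2_connect"].add(pid)
        elif kind == "registry_read":
            # Sysmon does not record registry reads; this needs EDR or sandbox API telemetry.
            if ev["key"].lower().startswith(VM_PROBE_PREFIXES):
                hits["vm_registry_probe"].add(pid)
        elif kind == "api_call":
            api, args = ev["api"], ev.get("args", {})
            if api == "NtSetInformationThread" and args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
                hits["hide_from_debugger"].add(pid)
            if api == "SetThreadContext" and args.get("target_pid") not in (None, pid):
                hits["cross_process_set_thread_context"].add(pid)
    return {rule: sorted(pids) for rule, pids in hits.items()}


# Constructed telemetry mirroring the report's signatures, plus benign noise.
SAMPLE = r"C:\Users\user\Desktop\7d8600d5b4bcd5e353b0eff070275d17beb110a12fcd518a1b99d13edf96e4f8.exe"
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
MSBUILD = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 1000, "parent_image": r"C:\Windows\explorer.exe", "image": SAMPLE,
     "hashes": {"MD5": "8B9827570321A0758ED35C59C0F23D76"}},
    {"type": "registry_read", "pid": 1000, "key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"type": "registry_read", "pid": 1000, "key": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"type": "api_call", "pid": 1000, "api": "NtSetInformationThread", "args": {"ThreadInformationClass": 0x11}},
    {"type": "process_create", "pid": 1200, "parent_image": SAMPLE, "image": VBC},
    {"type": "api_call", "pid": 1000, "api": "SetThreadContext", "args": {"target_pid": 1200}},
    {"type": "network_connect", "pid": 1200, "dst_ip": "65.21.5.58", "dst_port": 48811},
    # Benign: a build spawning vbc.exe, an HTTPS connection, an ordinary registry read.
    {"type": "process_create", "pid": 1300, "parent_image": MSBUILD, "image": VBC},
    {"type": "network_connect", "pid": 1400, "dst_ip": "13.107.42.14", "dst_port": 443},
    {"type": "registry_read", "pid": 1400, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
]

if __name__ == "__main__":
    for rule, pids in triage(SAMPLE_EVENTS).items():
        print(f"{rule}: {pids}")
```

Run it directly to print the rule hits for the constructed events, or feed triage() your own normalised events to reuse the rules. The hash rule is exact-match only, so it will miss a repacked build of the same stealer; the behavioral rules (registry probes, ThreadHideFromDebugger, unexpected vbc.exe, cross-process SetThreadContext) are what catch that, and the registry-read rule needs EDR or sandbox API-call telemetry because Sysmon logs only key creation, value writes and renames.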