General
-
Target
d1964c1b30d01262eccaee06c600d726.exe
-
Size
1.5MB
-
Sample
221206-rg93xshc3w
-
MD5
d1964c1b30d01262eccaee06c600d726
-
SHA1
e213ef1a963cc1825b9183742bb2af555da72efe
-
SHA256
06ece311c226daf62863e5791def4efee02dacfeacc6b7635095d0a63b715a99
-
SHA512
02d5f5d71ef785dbc9a2c7bf960d60a19a7eeba3ae8227442c21ba153fc2443e0d1e5ec8319e70a55defcb1057f43d4f41602ba2089a64615dc3aaa8569d47a5
-
SSDEEP
49152:H2z+hNyiTobT9875vxVZTE90wa1GImyAZ:H2iobT981Ze0wwGIPAZ
Behavioral task
behavioral1
Sample
d1964c1b30d01262eccaee06c600d726.exe
Resource
win7-20220812-en
Malware Config
Extracted
redline
YT
65.21.5.58:48811
-
auth_value
fb878dde7f3b4ad1e1bc26d24db36d28
Targets
-
-
Target
d1964c1b30d01262eccaee06c600d726.exe
-
Size
1.5MB
-
MD5
d1964c1b30d01262eccaee06c600d726
-
SHA1
e213ef1a963cc1825b9183742bb2af555da72efe
-
SHA256
06ece311c226daf62863e5791def4efee02dacfeacc6b7635095d0a63b715a99
-
SHA512
02d5f5d71ef785dbc9a2c7bf960d60a19a7eeba3ae8227442c21ba153fc2443e0d1e5ec8319e70a55defcb1057f43d4f41602ba2089a64615dc3aaa8569d47a5
-
SSDEEP
49152:H2z+hNyiTobT9875vxVZTE90wa1GImyAZ:H2iobT981Ze0wwGIPAZ
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-