General
-
Target
4697ba3dd7344e258c0e9b0610a3fa4e3e41a6c6b03b81a5ab13c32824c729c5
-
Size
377KB
-
Sample
221206-rv126sad5z
-
MD5
09d3e9b4c962319455719076104dbf66
-
SHA1
eaaf7964b79d7a25e4045a94b246260a759c434b
-
SHA256
4697ba3dd7344e258c0e9b0610a3fa4e3e41a6c6b03b81a5ab13c32824c729c5
-
SHA512
a1c100cd31d9fe47128f332b27ce0c11987a101e2e1b13b7ae4edf9c2be207c1409b7d23a8bf8b1d71f35a5e29e614e534fc746e028be09d0f4616b04de9fe84
-
SSDEEP
6144:EIAqvLz5e3+V+k5GNtqJyVEc/3AId/yigBfCtPMk:EIAofk32wSgVZ/QiyzB
Static task
static1
Behavioral task
behavioral1
Sample
4697ba3dd7344e258c0e9b0610a3fa4e3e41a6c6b03b81a5ab13c32824c729c5.exe
Resource
win10-20220901-en
Malware Config
Extracted
Family
redline
Botnet
YT
C2
65.21.5.58:48811
-
Attributes
auth_value
fb878dde7f3b4ad1e1bc26d24db36d28
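Turning the extracted configuration into something a responder can run, as an added Python example that is not part of the sandbox report: it hashes a file against the MD5/SHA1/SHA256 values listed above and scans Zeek conn.log records for traffic to the extracted C2 65.21.5.58:48811. The conn.log lines are constructed for the example, and the split between a full host:port match ("c2-endpoint") and a host-only match ("c2-host") is a triage convention of this example, not something the report states.

```python
"""Offline IOC checks built from the RedLine config and hashes in this report."""
import hashlib
from typing import Iterator

# Indicators taken from the extracted config and the hash section above.
C2_HOST = "65.21.5.58"
C2_PORT = 48811
KNOWN_HASHES = {
    "md5": "09d3e9b4c962319455719076104dbf66",
    "sha1": "eaaf7964b79d7a25e4045a94b246260a759c434b",
    "sha256": "4697ba3dd7344e258c0e9b0610a3fa4e3e41a6c6b03b81a5ab13c32824c729c5",
}


def hash_bytes(data: bytes) -> dict[str, str]:
    """MD5/SHA1/SHA256 of an in-memory buffer (MD5/SHA1 kept only for lookup parity)."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def hash_file(path: str) -> dict[str, str]:
    """Same digests as hash_bytes, streamed so large droppers do not load into memory."""
    digests = {name: hashlib.new(name) for name in KNOWN_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def is_known_sample(hashes: dict[str, str]) -> bool:
    """True if any digest equals the one recorded for this sample."""
    return any(hashes.get(name) == value for name, value in KNOWN_HASHES.items())


def parse_zeek(log: str) -> Iterator[dict[str, str]]:
    """Yield one dict per data row, using the #fields header for column names."""
    fields = None
    for line in log.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        yield dict(zip(fields, line.split("\t")))


def find_c2_connections(log: str) -> list[dict[str, str]]:
    """Flag flows to the C2 host; port 48811 is the exact extracted endpoint."""
    hits = []
    for rec in parse_zeek(log):
        if rec.get("id.resp_h") != C2_HOST:
            continue
        exact = rec.get("id.resp_p") == str(C2_PORT)
        hits.append({
            "uid": rec["uid"],
            "src": rec["id.orig_h"],
            "dst_port": rec["id.resp_p"],
            "match": "c2-endpoint" if exact else "c2-host",
        })
    return hits


# Constructed conn.log excerpt (made-up hosts and uids) in Zeek's TSV layout.
ZEEK_CONN_LOG = "\n".join("\t".join(row) for row in [
    ["#fields", "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
     "proto", "service", "conn_state"],
    ["1670317200.123456", "CAbc1", "10.0.0.15", "49710", "65.21.5.58", "48811",
     "tcp", "-", "S1"],
    ["1670317201.000000", "CAbc2", "10.0.0.15", "49711", "142.250.74.46", "443",
     "tcp", "ssl", "SF"],
    ["1670317202.500000", "CAbc3", "10.0.0.22", "53211", "65.21.5.58", "80",
     "tcp", "http", "SF"],
])

if __name__ == "__main__":
    for hit in find_c2_connections(ZEEK_CONN_LOG):
        print(hit)
```

Run it against a real conn.log by reading the file into find_c2_connections; hash_file can be pointed at any quarantined binary to confirm it is the sample this report describes.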
Targets
-
Target
4697ba3dd7344e258c0e9b0610a3fa4e3e41a6c6b03b81a5ab13c32824c729c5
-
Size
377KB
-
MD5
09d3e9b4c962319455719076104dbf66
-
SHA1
eaaf7964b79d7a25e4045a94b246260a759c434b
-
SHA256
4697ba3dd7344e258c0e9b0610a3fa4e3e41a6c6b03b81a5ab13c32824c729c5
-
SHA512
a1c100cd31d9fe47128f332b27ce0c11987a101e2e1b13b7ae4edf9c2be207c1409b7d23a8bf8b1d71f35a5e29e614e534fc746e028be09d0f4616b04de9fe84
-
SSDEEP
6144:EIAqvLz5e3+V+k5GNtqJyVEc/3AId/yigBfCtPMk:EIAofk32wSgVZ/QiyzB
-
Detects Smokeloader packer
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-