General
- Target: 7c4e837dd6f4979a8f8fe25e4c5c5a1db0fed7e75cad2024a66c31846b452558
- Size: 377KB
- Sample: 221206-yma94sha43
- MD5: bffde0436bc59b7543a7222b6d41c471
- SHA1: 0ebb68b9e7f72ee1f33082620b9456e5b8891b3f
- SHA256: 7c4e837dd6f4979a8f8fe25e4c5c5a1db0fed7e75cad2024a66c31846b452558
- SHA512: b21e86ea8902cd587ba35b585f3572a3b846080d64a3d2fc2d91fa83511b54f7c078c8383f8af44d2a62ba7a90e679dbda6ece1bc1bb1b8fb5de61234bb5d103
- SSDEEP: 6144:sWTyZo3L+uehQZgOks6PM0Li/WnhCw6z0SxWcoBlCmVeaV:sWeZmCueqWs6Ppienh6zOcWCqe
- Static task: static1
Malware Config
Extracted: vidar
- 56.1
- 1148
- https://t.me/dishasta
- https://steamcommunity.com/profiles/76561199441933804
- profile_id: 1148
Extracted: redline
- YT
- 65.21.5.58:48811
- auth_value: fb878dde7f3b4ad1e1bc26d24db36d28
Targets
- Target: 7c4e837dd6f4979a8f8fe25e4c5c5a1db0fed7e75cad2024a66c31846b452558
- Size: 377KB
- MD5: bffde0436bc59b7543a7222b6d41c471
- SHA1: 0ebb68b9e7f72ee1f33082620b9456e5b8891b3f
- SHA256: 7c4e837dd6f4979a8f8fe25e4c5c5a1db0fed7e75cad2024a66c31846b452558
- SHA512: b21e86ea8902cd587ba35b585f3572a3b846080d64a3d2fc2d91fa83511b54f7c078c8383f8af44d2a62ba7a90e679dbda6ece1bc1bb1b8fb5de61234bb5d103
- SSDEEP: 6144:sWTyZo3L+uehQZgOks6PM0Li/WnhCw6z0SxWcoBlCmVeaV:sWeZmCueqWs6Ppienh6zOcWCqe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext