General
Target: f22db49eb28bed665323bb791d0212a726ddc4c2c8abf0c90c8b33221ada9327
Size: 274KB
Sample: 221207-ggzl3sad52
MD5: 4b37463b99d718640c39c17913be9823
SHA1: ff04559f82f6172dcd40df67219adbab4297a8d0
SHA256: f22db49eb28bed665323bb791d0212a726ddc4c2c8abf0c90c8b33221ada9327
SHA512: 3238389965842debee424428c33518c642bfc0440794a23c409b0f30b33c341bccf3003fd85e6c7cb971ccbcc99bd434153aa25351953b5935805c884fa8927f
SSDEEP: 6144:H1fxU+meDCNl4QfoJy7RlfMCF7UEMusZ00:HtNmLNmQA2jFwEMus
Static task: static1

Malware Config
Extracted family: redline
Botnet: YT
C2: 65.21.5.58:48811
auth_value: fb878dde7f3b4ad1e1bc26d24db36d28
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments)
- Deletes itself
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
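The indicators in this report (the four file hashes, the C2 host:port and the auth_value) turned into a small triage script. This is an added example, not part of the sandbox report and not RedLine's own code; the conn.log excerpt is constructed for demonstration, and the Zeek column order it assumes (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto) is a simplification of the real conn.log schema.

```python
"""
Triage helpers built from the indicators in the report above.
Added example; not part of the sandbox report or of RedLine itself.
"""
import hashlib
import re

# File hashes copied from the report.
IOC_HASHES = {
    "md5": "4b37463b99d718640c39c17913be9823",
    "sha1": "ff04559f82f6172dcd40df67219adbab4297a8d0",
    "sha256": "f22db49eb28bed665323bb791d0212a726ddc4c2c8abf0c90c8b33221ada9327",
    "sha512": "3238389965842debee424428c33518c642bfc0440794a23c409b0f30b33c341bccf3003fd85e6c7cb971ccbcc99bd434153aa25351953b5935805c884fa8927f",
}
# Extracted RedLine config from the report.
C2_HOST, C2_PORT = "65.21.5.58", 48811
AUTH_VALUE = "fb878dde7f3b4ad1e1bc26d24db36d28"


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every digest agrees with the report; one mismatch is enough to reject."""
    digests = hash_bytes(data)
    return all(digests[alg] == IOC_HASHES[alg] for alg in IOC_HASHES)


# Any hex run long enough to be an MD5/SHA1/SHA256/SHA512 or the 32-hex auth_value.
HEX_RUN = re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{32,128}(?![0-9a-fA-F])")


def find_known_indicators(text: str) -> dict:
    """Map indicator name -> value for every report indicator found in free text
    (a ticket body, an EDR alert, a pasted config dump). Case-insensitive."""
    known = {v.lower(): name for name, v in IOC_HASHES.items()}
    known[AUTH_VALUE] = "auth_value"
    found = {}
    for m in HEX_RUN.finditer(text):
        value = m.group(0).lower()
        if value in known:
            found[known[value]] = value
    return found


def scan_conn_log(text: str) -> list:
    """Flag flows to the C2 in a tab-separated, Zeek-style conn.log whose columns are
    assumed to be: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto.
    Host AND port matching is 'high'; host alone is 'medium', since the port in the
    config can be changed without moving the server."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        resp_h, resp_p = fields[4], int(fields[5])
        if resp_h == C2_HOST:
            hits.append((lineno, resp_h, resp_p, "high" if resp_p == C2_PORT else "medium"))
    return hits


# Constructed conn.log excerpt for demonstration (not real telemetry).
SAMPLE_CONN_LOG = (
    "1670428800.1\tCAb1\t10.0.0.15\t49812\t65.21.5.58\t48811\ttcp\n"
    "1670428801.4\tCAb2\t10.0.0.15\t49813\t203.0.113.10\t443\ttcp\n"
    "1670428803.0\tCAb3\t10.0.0.22\t50211\t65.21.5.58\t443\ttcp\n"
    "1670428805.9\tCAb4\t10.0.0.15\t49814\t10.0.0.5\t53\tudp\n"
)

if __name__ == "__main__":
    print(matches_sample(b"not the sample"))  # constructed bytes, so False
    print(find_known_indicators(
        "EDR hit: sha1=FF04559F82F6172DCD40DF67219ADBAB4297A8D0, "
        "cfg auth_value fb878dde7f3b4ad1e1bc26d24db36d28"))
    for hit in scan_conn_log(SAMPLE_CONN_LOG):
        print(hit)
```

Two practical notes: `matches_sample` requires all four digests to agree, so a pasted MD5 from a ticket is never the only thing you trust; and the network check is run over flow records rather than a proxy log because RedLine talks to its panel over a raw TCP channel, not HTTP, so a web proxy will not see the 65.21.5.58:48811 connection at all.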