General
-
Target
file.exe
-
Size
2.0MB
-
Sample
221208-ycdbqaea91
-
MD5
0d0d2e933b2796fd0d0a7bc296000bed
-
SHA1
9f45970fbfb62d69c103e6fa8e27965c24bc6940
-
SHA256
9d4a5344f0cb03807c0857078c93768d2ab92ad9cd8aec51922fd80137773ee1
-
SHA512
c6c0858a782f58e271a3327db540dcdadd4ec409b1cd52bb90a7991621795816feddead0cc393a28e3236f03446f1a37759f094a1d5df50fa36d44bae8b3b147
-
SSDEEP
49152:d6heut8c9ExIyQ/WmixiDxBc6/xeCXzC2IDWV3mSzDexaEu6aT:shrt8QyqiANBLG2IDWzzDexJL0
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
Malware Config
Extracted
redline
Install
manddarinn.art:81
-
auth_value
f9affed97251c08e7a096257ba9edfb2
Targets
-
-
Target
file.exe
-
Size
2.0MB
-
MD5
0d0d2e933b2796fd0d0a7bc296000bed
-
SHA1
9f45970fbfb62d69c103e6fa8e27965c24bc6940
-
SHA256
9d4a5344f0cb03807c0857078c93768d2ab92ad9cd8aec51922fd80137773ee1
-
SHA512
c6c0858a782f58e271a3327db540dcdadd4ec409b1cd52bb90a7991621795816feddead0cc393a28e3236f03446f1a37759f094a1d5df50fa36d44bae8b3b147
-
SSDEEP
49152:d6heut8c9ExIyQ/WmixiDxBc6/xeCXzC2IDWV3mSzDexaEu6aT:shrt8QyqiANBLG2IDWzzDexJL0
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-