General
Target: Installer.rar
Size: 799KB
Sample: 230125-l83v2ahd2s
MD5: 03f02231590dd56432382a9d1416eb68
SHA1: 7a7517d51d4933e5b05a1009d8edfb8e1eb49bc7
SHA256: e42c3e841ee2520f38449522ec9d65b1bea1f3b132f0a0f4a5d35e139cbfb54a
SHA512: 144390c8fb5a235b435caa4c19aef0ad15b899ce58465c935bd6e7dd8787265632d1b88c3f138ae20932bb2d3e1713b4d3d481c71cc559b4d7e339cc009c551b
SSDEEP: 12288:UQi8/lxghkeEa99UiyV2HqcTZim0J9tt1zgX9FBEmhOZTU3fYEyrP9xyiWl+lN2q:V/lS/ETtgKcZwH3UshTUIxc0N2jw4q1
Static task: static1
Behavioral task: behavioral1
  Sample: Installer.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: Installer.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted: redline
  Botnet: @UncleTravis
  C2: 45.15.156.155:80
  auth_value: b896f4c4d2610586a8f6e7ead9c5ec7f
Targets
Target: Installer.exe
Size: 2.2MB
MD5: 7f4e95b1c70c25c9b0954aab4d81b71a
SHA1: b508c5615884e687d346f8419251017b75e6e344
SHA256: b0d2e2e336fa7f582365371bfce4adda6ddcba26a45c8747d8d0f8c7d45e2007
SHA512: fcd66fa6598f4c061833def0f3645de29bdf8279e9e66917825667fd33f76705144dd76106411267c4681e6d223a6d5c9f96a1c665b209b2ff38c48608c95285
SSDEEP: 24576:uwADqHUdg/oRHawXbFkzJIRPciYafr8sQi3vIOZTF2yGgqMxVlojQn7SCtCwxIzE:2Gr/ULBHLbH
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext