General
Target: VCI.exe
Size: 3.5MB
Sample: 230317-2qqezscc9z
MD5: ee74af356f2d99ac065a5773b82b7826
SHA1: e9000cc6c371d3f98e26d137e9d4e26459e9d75e
SHA256: 7029f51838a7c14d72ed5694969c15586a0d3195029e7dc93ceb81d762a4e99b
SHA512: 0af3d67375aeda73d09f1a8ce9e764e680a42d422bc5934d9bc7e5b34cec94a04de6ae801979699dd0652c5da19927ef436f81b7e70181f1cbd961d71f87d5c2
SSDEEP: 98304:7jQaum2SU+n4wVomN/KWMbRNwLbOvMSJR72:7c1h+4wmN71HRC
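Before working from this report against a sample in hand, recompute the listed digests and compare them, so that a renamed or repacked file is not mistaken for the analysed one. The script below is an added example, not part of the report; the function names (digests, digests_of_file, mismatches) are chosen here. SSDEEP is left out on purpose: it needs a third-party module and is a similarity score, not an equality check.

```python
import hashlib
import sys
from typing import Dict, Tuple

# Digests copied from this report's General section for VCI.exe.
REPORTED: Dict[str, str] = {
    "md5": "ee74af356f2d99ac065a5773b82b7826",
    "sha1": "e9000cc6c371d3f98e26d137e9d4e26459e9d75e",
    "sha256": "7029f51838a7c14d72ed5694969c15586a0d3195029e7dc93ceb81d762a4e99b",
    "sha512": "0af3d67375aeda73d09f1a8ce9e764e680a42d422bc5934d9bc7e5b34cec94a0"
              "4de6ae801979699dd0652c5da19927ef436f81b7e70181f1cbd961d71f87d5c2",
}


def digests(data: bytes) -> Dict[str, str]:
    """Hash an in-memory buffer with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file once through all four hashers; samples can be large."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(actual: Dict[str, str],
               expected: Dict[str, str] = REPORTED) -> Dict[str, Tuple[str, str]]:
    """Return {algorithm: (actual, expected)} for every digest that differs.
    Hex case is ignored because reports and tools are inconsistent about it."""
    return {
        name: (actual.get(name, ""), exp)
        for name, exp in expected.items()
        if actual.get(name, "").lower() != exp.lower()
    }


if __name__ == "__main__":
    # Usage: python verify_sample.py /path/to/VCI.exe
    for path in sys.argv[1:]:
        bad = mismatches(digests_of_file(path))
        print(f"{path}: " + ("matches report" if not bad else "MISMATCH " + ", ".join(bad)))
```

A single mismatching algorithm is enough to stop: four independent digests only all differ when the bytes differ, so a partial match points at a copy error in the report, not at the file.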
Behavioral task
behavioral1
Sample: VCI.exe
Resource: win7-20230220-en (Windows 7 analysis image)
Malware Config
Extracted
Family: redline
Botnet: 1488
C2: 65.109.178.6:28924
Attributes
auth_value: 46a8f9db9c605a70df518a7cbe03c570
Targets
Target: VCI.exe
Size: 3.5MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. The C2 and botnet ID extracted above come from its embedded configuration.

Identifies VirtualBox via ACPI registry values (likely anti-VM)
Reads the ACPI table entries under HKLM\HARDWARE\ACPI; on a VirtualBox guest these carry the VBOX__ OEM identifier, which a sample can use to exit before doing anything worth recording.

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments. The values under HKLM\HARDWARE\DESCRIPTION\System\BIOS (manufacturer, product name, BIOS vendor) name the hypervisor on most virtual machines.

Accesses cryptocurrency files/wallets, possible credential harvesting
Consistent with RedLine's stealer function; wallet files and browser credential stores are what it exfiltrates to the C2.

Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, and its WOW6432Node counterpart on 64-bit systems) to enumerate software on the system.

Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), after which the thread raises no debug events to an attached debugger. This is an anti-debugging technique, not normal application behaviour.

Caveat: the first two signatures and the last one mean the sample tries to detect analysis environments. If the check succeeded in this run, the behaviour recorded here is a subset of what the sample does on a real host, so the absence of a behaviour in this report should not be read as its absence from the malware.
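The signatures above are each a pattern over one kind of sandbox event (registry access, file access, API call, network connection). The script below, an added example that is not part of the report, replays those patterns over a constructed event stream and combines them with the extracted C2 endpoint into a triage verdict. The event line format, the function names (match_event, triage, verdict) and the wallet directory names used in the wallet pattern are assumptions made here; the registry locations are the standard Windows keys each signature reads.

```python
import re
from typing import Dict, List, Tuple

# C2 endpoint from this report's extracted RedLine config.
C2_ENDPOINTS = {"65.109.178.6:28924"}

# One pattern per behaviour the report's signatures name. The registry paths
# are the standard keys those checks read; the wallet directory names are an
# assumed, illustrative subset and are not quoted from the report.
SIGNATURES = {
    "vbox_acpi": re.compile(r"HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    "bios_registry": re.compile(r"HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\", re.I),
    "uninstall_enum": re.compile(r"\\CurrentVersion\\Uninstall\\", re.I),
    "wallet_access": re.compile(r"wallet\.dat|\\(Exodus|Electrum|Ethereum)\\", re.I),
    "hide_from_debugger": re.compile(
        r"NtSetInformationThread\b.*\b(ThreadHideFromDebugger|0x11)\b", re.I),
}

# Constructed event format: proc=<image> op=<operation> target=<path|api|endpoint>
EVENT_RE = re.compile(r"^proc=(?P<proc>\S+)\s+op=(?P<op>\S+)\s+target=(?P<target>.+)$")

# Constructed events in the shape a sandbox might export; not taken from the report.
SAMPLE_EVENTS = [
    "proc=VCI.exe op=RegOpenKey target=HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__",
    "proc=VCI.exe op=RegQueryValue target=HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer",
    "proc=VCI.exe op=RegEnumKey target=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
    "proc=VCI.exe op=ReadFile target=C:\\Users\\user\\AppData\\Roaming\\Exodus\\exodus.wallet",
    "proc=VCI.exe op=Api target=NtSetInformationThread(ThreadHideFromDebugger)",
    "proc=VCI.exe op=Connect target=65.109.178.6:28924",
    "proc=explorer.exe op=RegQueryValue target=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
]


def match_event(line: str) -> List[str]:
    """Return the names of every signature (and the C2 check) the event triggers."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return []  # malformed line: ignore rather than guess
    op, target = m.group("op"), m.group("target")
    hits = []
    if op == "Connect" and target in C2_ENDPOINTS:
        hits.append("c2_connect")
    for name, pattern in SIGNATURES.items():
        if pattern.search(target):
            hits.append(name)
    return hits


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Group the triggering event lines by signature name."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        for hit in match_event(line):
            report.setdefault(hit, []).append(line.strip())
    return report


def verdict(report: Dict[str, List[str]]) -> Tuple[str, List[str]]:
    """Constructed scoring: the C2 contact plus wallet access is the stealer core;
    anti-VM and anti-debug hits are listed separately, as a warning that the run
    may have been cut short rather than as evidence of theft."""
    core = {"c2_connect", "wallet_access"}.issubset(report)
    evasion = sorted(k for k in ("vbox_acpi", "bios_registry", "hide_from_debugger")
                     if k in report)
    return ("redline-indicators" if core else "inconclusive", evasion)


if __name__ == "__main__":
    rep = triage(SAMPLE_EVENTS)
    for name, hits in sorted(rep.items()):
        print(f"{name}: {len(hits)} event(s)")
    print(verdict(rep))
```

The verdict deliberately keeps evasion hits out of the "core" decision: a sample that probes for VirtualBox and hides from a debugger but never reaches the C2 may simply have detected the sandbox, and that is a reason to re-run on a less obvious host, not a reason to score it lower.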