General
Target: Pass_2023_Setup.rar.html
Size: 19KB
Sample: 230401-cszn1agg2s
MD5: e714b3ab1380b7acf4f572d570125444
SHA1: 9359a9069f5cdfe9a7ff8c372aab9f543516f17d
SHA256: 948138b91d471c0c5e690b2a25e677723caaa2698e0f156b945f056545faa4bc
SHA512: 35cd9e548b1be61fec56c2626f0bc13352faba93cd528e7492ccb5682737b9f514430e6379e40b951ae0213806ee77536175009c27653fad6a2b94533951a88f
SSDEEP: 384:boJylIn7xpYwuu504YfeHYK3DRzhU3E8+UUKIz40qo+Q0aN0ba9l3eBizEmZX3:boJCIn7XY20tODRzh4E8+UUKIz40qoWu
Static task: static1

Malware Config
Extracted family: redline
Botnet: youtube02
C2: 176.113.115.220:80
auth_value: ac97023fed55cb3e4792a779ef00ca98
Targets
Target: Pass_2023_Setup.rar.html
Size: 19KB
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Executes dropped EXE
Uses the VBS compiler for execution
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext