General
Target: file.exe
Size: 1.4MB
Sample: 231030-p6dpxaeg83
MD5: 5519ffb96b0c48f5965d0c15d8ece99f
SHA1: 2def4d7771004569364ba8aeddb5e1399e25261a
SHA256: 1e09031b34a7c56b7d3dd3a9e67d095e3d6e013ad1ebed86dacd39c112397ca4
SHA512: 81b56a5935ec203541ea42189b420a2eb5f0b16e4e50d42977911e0aa8bd8ccbf4bbf475ecabc746c99848b96fa5ad435230764c0440da5237732990fc2f1385
SSDEEP: 24576:cVOr1dDq9WySGZ89EWEFkrC9YoueueYheeiEh+AzXdX5zGluQGM0KxNUz:cVEdGgI89EWc9YwvYheeLIAzXSluQBhe

Behavioral task
behavioral1
Sample: file.exe
Resource: win7-20231020-en

Malware Config
Extracted
Family: redline
Botnet: 100k
C2: 77.232.38.234:80

Targets
Target: file.exe
Size: 1.4MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the General section above (the only target is the submitted sample itself).

Signatures

RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It harvests browser credentials and cookies, cryptocurrency wallet files and basic host information, and reports them to a C2 such as the 77.232.38.234:80 endpoint extracted above.

Identifies VirtualBox via ACPI registry values (likely anti-VM)
On a VirtualBox guest the ACPI tables are exposed under HKLM\HARDWARE\ACPI with VBOX__-named subkeys (for example DSDT\VBOX__, FADT\VBOX__ and RSDT\VBOX__). Reading those keys is a cheap way for the sample to recognise a VirtualBox-based sandbox before it unpacks or contacts its C2.

Checks BIOS information in registry
The BIOS strings under HKLM\HARDWARE\DESCRIPTION\System (SystemBiosVersion, VideoBiosVersion, SystemBiosDate) are often read in order to detect sandboxing environments: virtual hardware usually reports vendor markers such as VBOX, VMware, QEMU or BOCHS in these values.

Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) tells the kernel to stop delivering debug events for that thread, so breakpoints and single-step exceptions are no longer reported to an attached debugger. Legitimate software rarely needs this, which makes the call a strong anti-analysis indicator.
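The extracted C2 and the three behavioural signatures above can be turned into offline checks. The following is an added example, not part of the sandbox report and not RedLine or Triage code: it assumes a simplified one-line-per-event trace format (REG_QUERY / API / NET lines) and a handful of constructed events to exercise the detectors. Only the C2 endpoint comes from the report; the registry paths and the ThreadHideFromDebugger value are public Windows facts, not something the report lists verbatim.

```python
"""Offline checks derived from the sandbox findings above.

Added example, not part of the Triage report or of any RedLine tooling.
Assumed/constructed: the one-line trace format parsed below, the sample
events in SAMPLE_EVENTS, and the Suricata rule skeleton. The C2 endpoint
is the one from the report's Malware Config section.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

C2_FROM_REPORT = "77.232.38.234:80"          # Malware Config -> C2
THREAD_HIDE_FROM_DEBUGGER = 0x11             # THREADINFOCLASS ThreadHideFromDebugger


def normalise_key(key: str) -> str:
    """Uppercase and strip the hive prefix so that HKLM\\X, HKEY_LOCAL_MACHINE\\X
    and \\REGISTRY\\MACHINE\\X all compare equal."""
    key = key.replace("/", "\\").upper()
    for prefix in ("HKLM\\", "HKEY_LOCAL_MACHINE\\", "\\REGISTRY\\MACHINE\\"):
        if key.startswith(prefix):
            return key[len(prefix):]
    return key


# VirtualBox-only ACPI table keys (signature: "Identifies VirtualBox via ACPI
# registry values") and the BIOS string values read by generic sandbox checks
# (signature: "Checks BIOS information in registry").
ANTI_VM_KEYS = {normalise_key(k) for k in (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)}
BIOS_KEYS = {normalise_key(k) for k in (
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosDate",
)}


@dataclass(frozen=True)
class Finding:
    pid: int
    category: str
    detail: str


# Constructed trace format (assumption, not a real Sysmon/ETW layout).
_REG = re.compile(r"^REG_QUERY\s+pid=(\d+)\s+key=(.+?)\s*$")
_API = re.compile(r"^API\s+pid=(\d+)\s+call=(\w+)\s+class=(\S+)\s*$")
_NET = re.compile(r"^NET\s+pid=(\d+)\s+dst=(\S+)\s*$")


def _to_int(text: str) -> int:
    return int(text, 16) if text.lower().startswith("0x") else int(text)


def classify(line: str) -> Optional[Finding]:
    """Map one trace line to a Finding, or None when the line is benign."""
    m = _REG.match(line)
    if m:
        pid, key = int(m.group(1)), normalise_key(m.group(2))
        if key in ANTI_VM_KEYS:
            return Finding(pid, "anti-vm", f"VirtualBox ACPI table lookup: {key}")
        if key in BIOS_KEYS:
            return Finding(pid, "sandbox-bios-check", f"BIOS string read: {key}")
        return None
    m = _API.match(line)
    if m:
        pid, call, cls = int(m.group(1)), m.group(2), _to_int(m.group(3))
        # Only class 0x11 hides the thread; other NtSetInformationThread uses are normal.
        if call.lower() == "ntsetinformationthread" and cls == THREAD_HIDE_FROM_DEBUGGER:
            return Finding(pid, "anti-debug", "NtSetInformationThread(ThreadHideFromDebugger)")
        return None
    m = _NET.match(line)
    if m and m.group(2) == C2_FROM_REPORT:
        return Finding(int(m.group(1)), "c2", f"connection to RedLine C2 {m.group(2)}")
    return None


def scan(lines: Iterable[str]) -> List[Finding]:
    """Run classify() over a trace and keep only the hits, in trace order."""
    return [f for f in map(classify, lines) if f is not None]


def suricata_rule(c2: str = C2_FROM_REPORT, sid: int = 1000001) -> str:
    """Alert on outbound TCP to the extracted C2 (ip:port). The sid is a placeholder."""
    ip, port = c2.rsplit(":", 1)
    return (f'alert tcp $HOME_NET any -> {ip} {int(port)} '
            f'(msg:"RedLine C2 {c2} from sandbox config"; flow:to_server,established; '
            f'sid:{sid}; rev:1;)')


# Constructed events: four should fire, three are benign noise.
SAMPLE_EVENTS = [
    r"REG_QUERY pid=2460 key=HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"REG_QUERY pid=2460 key=HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"REG_QUERY pid=2460 key=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion",
    r"API pid=2460 call=NtSetInformationThread class=0x11",
    r"API pid=2460 call=NtSetInformationThread class=0x2",
    r"NET pid=2460 dst=77.232.38.234:80",
    r"NET pid=2460 dst=192.0.2.10:443",
]

if __name__ == "__main__":
    print(suricata_rule())
    for f in scan(SAMPLE_EVENTS):
        print(f"pid {f.pid}: {f.category:<20} {f.detail}")
```

The registry matcher compares normalised full key paths rather than substrings, so a benign read of another value under HARDWARE\DESCRIPTION\System does not fire; the API matcher keys on the information class, because NtSetInformationThread with other classes (priority, affinity) is routine.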