General
- Target: 91c91dd407422587981f0a77fec9f173d02baf1048658fdfa081ef8a934439b1
- Size: 2.7MB
- Sample: 231126-2d11yscf96
- MD5: 51715bae817a6663a0af48759cf295ba
- SHA1: adc692bca60e3f83a6c73899f0be575c5e093b62
- SHA256: 91c91dd407422587981f0a77fec9f173d02baf1048658fdfa081ef8a934439b1
- SHA512: 149da22a70b3dac962ff302351dec1c514eb3925ea296658da5871526d85bbd71b9191e4dc95ed82215354d520ff84ecf081a30ce2f715c1b1974c8a92af8f4b
- SSDEEP: 49152:TszVkVkaNxAf5g4T8iIQqdaWUzVn6ac7YZ2vy+Ni0Nhsj1rc7x0sMkhuxdX3T4eS:gyVkaNxkxWUzV6aoYlqieh6Q7okk33w9
Behavioral task
- behavioral1
- Sample: 91c91dd407422587981f0a77fec9f173d02baf1048658fdfa081ef8a934439b1.exe
- Resource: win7-20231020-en

Malware Config
- Extracted: redline
- 1120
- 194.49.94.77:22888
Targets
- Target: 91c91dd407422587981f0a77fec9f173d02baf1048658fdfa081ef8a934439b1
- Size: 2.7MB
- MD5: 51715bae817a6663a0af48759cf295ba
- SHA1: adc692bca60e3f83a6c73899f0be575c5e093b62
- SHA256: 91c91dd407422587981f0a77fec9f173d02baf1048658fdfa081ef8a934439b1
- SHA512: 149da22a70b3dac962ff302351dec1c514eb3925ea296658da5871526d85bbd71b9191e4dc95ed82215354d520ff84ecf081a30ce2f715c1b1974c8a92af8f4b
- SSDEEP: 49152:TszVkVkaNxAf5g4T8iIQqdaWUzVn6ac7YZ2vy+Ni0Nhsj1rc7x0sMkhuxdX3T4eS:gyVkaNxkxWUzV6aoYlqieh6Q7okk33w9
Signatures
- Raspberry Robin: Detects DLL dropped by Raspberry Robin.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger