General
-
Target
3f8ea350223347b7c1feab3a82091baf
-
Size
1.8MB
-
Sample
231225-17t9tsbba9
-
MD5
3f8ea350223347b7c1feab3a82091baf
-
SHA1
ab4ac82877e05f363ec79ac52fad0347591fbd3e
-
SHA256
532c7089ec69ccb7b99fee0f61f4019b3f0579bee96df3e6b44918c35d11ff21
-
SHA512
58aabbea475acd951df9ccbec9e4f413a80647c8bf8f966f139377a979389e8bf81c3070c0b582cc9f10c4c9af25c5d5443cd6a4bedf742639bded0fac8514d7
-
SSDEEP
49152:w0ibGTraiQZH7eIZ+peMqLIRvGLLrld7ox1TfbcUeSJJoczC:nrQ02+peDLvppmRkSJ2cu
Static task
static1
Behavioral task
behavioral1
Sample
3f8ea350223347b7c1feab3a82091baf.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
3f8ea350223347b7c1feab3a82091baf.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
redline
1
65.21.162.231:8696
Targets
-
-
Target
3f8ea350223347b7c1feab3a82091baf
-
Size
1.8MB
-
MD5
3f8ea350223347b7c1feab3a82091baf
-
SHA1
ab4ac82877e05f363ec79ac52fad0347591fbd3e
-
SHA256
532c7089ec69ccb7b99fee0f61f4019b3f0579bee96df3e6b44918c35d11ff21
-
SHA512
58aabbea475acd951df9ccbec9e4f413a80647c8bf8f966f139377a979389e8bf81c3070c0b582cc9f10c4c9af25c5d5443cd6a4bedf742639bded0fac8514d7
-
SSDEEP
49152:w0ibGTraiQZH7eIZ+peMqLIRvGLLrld7ox1TfbcUeSJJoczC:nrQ02+peDLvppmRkSJ2cu
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
SectopRAT payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-