General

Target: 3ed45844156ae062adebc2c60b09f690
Size: 1.9MB
Sample: 231225-1ymtdsgbcq
MD5: 3ed45844156ae062adebc2c60b09f690
SHA1: ebe854e8ae5adde089d9c86cc488c285176ab4e6
SHA256: b1a9f10bab29785ba80cf307015aac3242b4589b84ff27e6abb9d9c5590d38b6
SHA512: 39ebbaf600f8a756867c3a78f67c3c21e843fa2d0e960ebfa2e611c121f5be20c893c075a16fbbb48ee4b39a9c53a8e79c1e45dd05fed7a1344a21b31637ccb0
SSDEEP: 49152:uKNNGU3NncX7BQuz/gTiC6Ltsoh3r6ka2t+gNo/a42kth:3NNG0NnWBQoPBsoh7XaZgNo/92ch
Behavioral task

behavioral1
Sample: 3ed45844156ae062adebc2c60b09f690.exe
Resource: win7-20231215-en

Malware Config

Extracted
Family: redline
Botnet: fs3
C2: 65.21.103.71:56458
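The hashes, SSDEEP signature and C2 endpoint above are the report's indicators. As an added example that is not part of the report or of any sandbox tooling, the following Python matches file contents and outbound connections against them and parses the SSDEEP signature so its block size can be checked before the signature is compared with another sample's; the benign test bytes in the usage section are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "3ed45844156ae062adebc2c60b09f690",
    "sha1": "ebe854e8ae5adde089d9c86cc488c285176ab4e6",
    "sha256": "b1a9f10bab29785ba80cf307015aac3242b4589b84ff27e6abb9d9c5590d38b6",
    "sha512": "39ebbaf600f8a756867c3a78f67c3c21e843fa2d0e960ebfa2e611c121f5be20c893c075a16fbbb48ee4b39a9c53a8e79c1e45dd05fed7a1344a21b31637ccb0",
}
IOC_SSDEEP = "49152:uKNNGU3NncX7BQuz/gTiC6Ltsoh3r6ka2t+gNo/a42kth:3NNG0NnWBQoPBsoh7XaZgNo/92ch"
IOC_C2 = ("65.21.103.71", 56458)


def hash_bytes(data: bytes) -> dict:
    """Lowercase hex digests of data for every algorithm listed in IOC_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def match_bytes(data: bytes) -> list:
    """Names of the IOC hash algorithms the data matches (empty list if none)."""
    digests = hash_bytes(data)
    return [alg for alg, value in digests.items() if value == IOC_HASHES[alg]]


def match_file(path) -> list:
    """Same as match_bytes, for a file on disk."""
    return match_bytes(Path(path).read_bytes())


def match_connection(dst_ip: str, dst_port: int) -> bool:
    """True if an outbound connection targets the extracted C2 endpoint."""
    return (dst_ip, int(dst_port)) == IOC_C2


def parse_ssdeep(sig: str) -> tuple:
    """Split 'blocksize:chunk:double_chunk' into (int, str, str).

    An optional ',"filename"' suffix (as written by the ssdeep CLI) is dropped.
    Raises ValueError on malformed input instead of silently returning junk."""
    body = sig.split(",", 1)[0]
    parts = body.split(":")
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError(f"malformed ssdeep signature: {sig!r}")
    return int(parts[0]), parts[1], parts[2]


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """ssdeep only scores two signatures whose block sizes are equal or differ by
    exactly a factor of two; any other pair scores 0 regardless of content, so a
    low score between incompatible signatures says nothing about similarity."""
    bs_a, _, _ = parse_ssdeep(sig_a)
    bs_b, _, _ = parse_ssdeep(sig_b)
    return bs_a == bs_b or bs_a == 2 * bs_b or bs_b == 2 * bs_a


if __name__ == "__main__":
    # Constructed benign file: it must not match any report hash.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"not the sample\n")
    print("hash matches:", match_file(tmp.name))
    print("C2 hit:", match_connection("65.21.103.71", 56458))
    print("ssdeep block size:", parse_ssdeep(IOC_SSDEEP)[0])
```

The block-size check matters when triaging related RedLine builds: the report's signature uses block size 49152, so only samples whose ssdeep block size is 24576, 49152 or 98304 can be meaningfully scored against it.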
Targets

Target: 3ed45844156ae062adebc2c60b09f690
Size: 1.9MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

SectopRAT payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox guests expose ACPI tables whose registry entries carry the "VBOX__" identifier; reading them is a common way for a sample to decide whether it is running inside a VM before unpacking its real payload.

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments, since vendor and product strings in the BIOS registry keys frequently reveal the hypervisor or sandbox.

Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the calling thread from delivering debug events to an attached debugger, a common anti-debugging technique.
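The two registry signatures above describe reads of the VirtualBox ACPI keys and the BIOS description values. As an added example that is not part of the report or of any sandbox's own detection code, this Python groups registry reads from a constructed Procmon-style CSV export by process and flags processes that touch more than one probe category, so a single BIOS read by an inventory tool is not reported; the log lines, the column names and the two-category threshold are assumptions.

```python
import csv
import io
import re
from collections import defaultdict

# Registry locations whose contents reveal the hypervisor or sandbox. VirtualBox guests
# expose ACPI tables under HKLM\HARDWARE\ACPI\* named VBOX__; the BIOS keys carry
# vendor/product strings that sandboxes often fail to spoof.
VM_PROBE_PATTERNS = [
    (re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I), "virtualbox-acpi"),
    (re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\"
                r"(SystemManufacturer|SystemProductName|BIOSVendor|BIOSVersion)$", re.I), "bios-info"),
    (re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion)$", re.I),
     "bios-info"),
]

# Constructed Procmon-style CSV export (not from the report); columns are an assumption.
SAMPLE_LOG = """\
"Process Name","PID","Operation","Path","Result"
"3ed45844156ae062adebc2c60b09f690.exe","2204","RegOpenKey","HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__","SUCCESS"
"3ed45844156ae062adebc2c60b09f690.exe","2204","RegQueryValue","HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer","SUCCESS"
"3ed45844156ae062adebc2c60b09f690.exe","2204","RegQueryValue","HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion","SUCCESS"
"explorer.exe","1408","RegQueryValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden","SUCCESS"
"msinfo32.exe","3120","RegQueryValue","HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName","SUCCESS"
"""


def classify_registry_access(path: str):
    """Return the probe category for a registry path, or None if it is not a VM/BIOS probe."""
    for pattern, category in VM_PROBE_PATTERNS:
        if pattern.search(path):
            return category
    return None


def find_vm_probes(csv_text: str, min_categories: int = 2) -> dict:
    """Map (process name, pid) -> sorted probe categories for every process that touched
    at least min_categories distinct categories. Non-registry operations are ignored."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not row["Operation"].startswith("Reg"):
            continue
        category = classify_registry_access(row["Path"])
        if category:
            hits[(row["Process Name"], int(row["PID"]))].add(category)
    return {proc: sorted(cats) for proc, cats in hits.items() if len(cats) >= min_categories}


if __name__ == "__main__":
    for (name, pid), categories in find_vm_probes(SAMPLE_LOG).items():
        print(f"{name} (pid {pid}) probed: {', '.join(categories)}")
```

Lowering min_categories to 1 surfaces msinfo32.exe as well, which is the expected false positive: hardware inventory tools read the same BIOS values, so the combination of ACPI and BIOS reads from one process is the useful signal, not either read on its own.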