General
-
Target
1bc577dad75c1a9330733c7c0afd3acd
-
Size
3.3MB
-
Sample
231225-nw6ghagch6
-
MD5
1bc577dad75c1a9330733c7c0afd3acd
-
SHA1
30962e91f8a0738b310714fc1773f59691df80b5
-
SHA256
8287099f75fb545e5d4227322ac149ba01daaba3f81b87b2555ad663b028ed78
-
SHA512
2f7b38fa812409ea5bd0f22602e28926c2531d81b0055705334b1a380de9786e2c29262ff3b09f167f6a8f5ca6599b91297fe57600762df53dd26d7fba04a845
-
SSDEEP
98304:RiAA5tD/+aIVLyVNlFRCJOSDF7UYET4Lpi4nnfVbff:Ri3br+zVUTUOShYYa+pi4nfVbH
Behavioral task
behavioral1
Sample
1bc577dad75c1a9330733c7c0afd3acd.exe
Resource
win7-20231215-en
Malware Config
Extracted
redline
@N4m1ko
185.241.54.128:47729
Targets
-
-
Target
1bc577dad75c1a9330733c7c0afd3acd
-
Size
3.3MB
-
MD5
1bc577dad75c1a9330733c7c0afd3acd
-
SHA1
30962e91f8a0738b310714fc1773f59691df80b5
-
SHA256
8287099f75fb545e5d4227322ac149ba01daaba3f81b87b2555ad663b028ed78
-
SHA512
2f7b38fa812409ea5bd0f22602e28926c2531d81b0055705334b1a380de9786e2c29262ff3b09f167f6a8f5ca6599b91297fe57600762df53dd26d7fba04a845
-
SSDEEP
98304:RiAA5tD/+aIVLyVNlFRCJOSDF7UYET4Lpi4nnfVbff:Ri3br+zVUTUOShYYa+pi4nfVbH
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-