General
Target: 54912a5f615fd6b057315b741ad01060
Size: 1.8MB
Sample: 240111-zs8m8sgecr
MD5: 54912a5f615fd6b057315b741ad01060
SHA1: e31668d8f66142e787796de6816ea1ad1c74af76
SHA256: 6c6b409d867e26d5db4fbef89f446dedd80471acc9bd62498ad289ea653588b8
SHA512: 656de85abf1d02009b2db76f4b2dd6f538fe886f9e99ebcd9c3b73029e7a2b2c8c25d2bbae05cf1c0315dbcd416489b5ebfd5f359c4914651ace7e0a703e9b0d
SSDEEP: 49152:lXWDCw311GflCOYep0/VfJW06OBtMVN2W1TW:lmGw311Gfl+euVfJVHtM3ZTW
Static task: static1
Behavioral task: behavioral1
  Sample: 54912a5f615fd6b057315b741ad01060.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 54912a5f615fd6b057315b741ad01060.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted family: redline
C2: 54.38.123.247:8696
Targets
Target: 54912a5f615fd6b057315b741ad01060
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- SectopRAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox guests expose ACPI tables whose OEM ID is VBOX__, which is visible under the HARDWARE\ACPI registry hive and is a common anti-VM check.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops an attached debugger from receiving events for that thread; legitimate software rarely does this.
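The following is an added example, not part of the sandbox report or of any sandbox vendor's code: a small triage helper that replays the behaviours flagged above (VirtualBox ACPI, BIOS and Wine registry reads, the ThreadHideFromDebugger call, a raw write to the boot disk, and a connection to the extracted C2) against constructed event lines. The event-line format, the process IDs and the specific registry paths are assumptions chosen to match the well-known locations these signature names refer to; the report itself does not list the exact keys this sample read.

```python
import re
from collections import defaultdict

# C2 endpoint taken from the report's extracted RedLine config.
REDLINE_C2 = ("54.38.123.247", 8696)

# Registry paths commonly read by anti-VM/sandbox checks (assumption: the
# report's signatures refer to these well-known locations; exact keys
# read by this sample are not listed in the report).
REGISTRY_RULES = {
    "vbox_acpi_registry": re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    "bios_registry": re.compile(
        r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)\b", re.I),
    "wine_registry": re.compile(r"\\Software\\Wine(\\|$)", re.I),
}

# Constructed event-line format (assumption): "<time> <kind> pid=<n> k=v k=v ..."
EVENT_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kind>\w+)\s+pid=(?P<pid>\d+)\s+(?P<rest>.*)$")


def parse_event(line):
    """Parse one constructed event line into a dict, or None if malformed."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = {"kind": m["kind"], "pid": int(m["pid"])}
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', m["rest"]):
        ev[key] = val.strip('"')
    return ev


def classify(ev):
    """Map one parsed event to a signature name, or None if it matches nothing."""
    kind = ev["kind"]
    if kind == "RegQuery":
        for name, rx in REGISTRY_RULES.items():
            if rx.search(ev.get("key", "")):
                return name
    elif kind == "FileWrite":
        # A raw write at offset 0 of a physical disk overwrites the MBR.
        path = ev.get("path", "").lower()
        if path.startswith(r"\\.\physicaldrive") and ev.get("offset") == "0":
            return "mbr_write"
    elif kind == "ApiCall":
        if ev.get("api") == "NtSetInformationThread" and ev.get("class") == "ThreadHideFromDebugger":
            return "hide_from_debugger"
    elif kind == "NetConnect":
        host, _, port = ev.get("dst", "").rpartition(":")
        if port.isdigit() and (host, int(port)) == REDLINE_C2:
            return "redline_c2"
    return None


def triage(lines):
    """Return {pid: sorted signature names} for every process that hit a rule."""
    hits = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        tag = classify(ev)
        if tag:
            hits[ev["pid"]].add(tag)
    return {pid: sorted(tags) for pid, tags in hits.items()}


def verdict(tags):
    """C2 contact or an MBR overwrite is conclusive; anti-analysis checks alone are only suspicious."""
    if "redline_c2" in tags or "mbr_write" in tags:
        return "malicious"
    return "suspicious" if tags else "clean"


# Constructed sample events (assumption: pids and timestamps are invented).
SAMPLE_EVENTS = r"""
10:00:01.001 RegQuery pid=4120 key=HKLM\HARDWARE\ACPI\DSDT\VBOX__
10:00:01.002 RegQuery pid=4120 key=HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
10:00:01.003 RegQuery pid=4120 key=HKCU\Software\Wine
10:00:01.004 RegQuery pid=4120 key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run
10:00:02.000 ApiCall pid=4120 api=NtSetInformationThread class=ThreadHideFromDebugger
10:00:03.500 FileWrite pid=4120 path=\\.\PhysicalDrive0 offset=0 length=512
10:00:05.120 NetConnect pid=4120 dst=54.38.123.247:8696
10:00:05.200 NetConnect pid=2210 dst=40.126.31.3:443
""".strip().splitlines()

if __name__ == "__main__":
    for pid, tags in triage(SAMPLE_EVENTS).items():
        print(pid, verdict(tags), tags)
```

Only the process that touched the C2 or the boot sector is rated malicious; the benign-looking Run key read and the unrelated HTTPS connection from another process produce no hits, which is the point of keeping the registry patterns anchored to the VirtualBox, BIOS and Wine paths rather than matching any registry read.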