General
Target: 58cd344626319c5b2a533871979b4225
Size: 1.9MB
Sample: 240113-nhscqaaac3
MD5: 58cd344626319c5b2a533871979b4225
SHA1: 7720d2f88a0ea1495ae13ceb6f9d5d08fa6a696e
SHA256: c3e9175742396eb00a44a0c826d698ad3e639159d2ad81391f2a42e74196340e
SHA512: 7effb6fb2be297a3f5de7b6d85e3855eb667f80ae8649cdd0c6a3e8a4e3d691bfd817ae4c4630667f7104dd3ba5502c8558653d98756e7aefe60bce3a6522881
SSDEEP: 49152:v/QOhFsIBdVbb6Wvg6glBFSsSeRRoN83a5lbvw:v/bFsQfb6WvdglBFSCR2JI
Static task: static1
Behavioral task: behavioral1
  Sample: 58cd344626319c5b2a533871979b4225.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 58cd344626319c5b2a533871979b4225.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted: redline
qawsedrf
65.21.162.231:41328
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- SectopRAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger