General
Target: 946d57e17f85b6556069ab908af48b7e
Size: 1.9MB
Sample: 240206-lyqsqafcgq
MD5: 946d57e17f85b6556069ab908af48b7e
SHA1: 30524c2b14a80070ddfaa937731c3814a3b6201e
SHA256: 7b265d7cc88fdf7c6d99ea21e3bc57c01e421f83a720da383fe7ae825fd958b0
SHA512: 3e720cb0536e3b3eda121fe1d63f5469888d90dfed999d760085d7c30e0a3d8dec50b9b9ee65506c922d63257480251a385c7910cfa19e90ea104195fb6079a2
SSDEEP: 24576:KOdEoHSpRdr3pOXi/eruVXKwGwICm6M7LfT+3sKpE1ICrjuzH+ByDYLN61s6DdBr:KOHy1UXlSglzXHf0sx1HkesDYiL09dm
Behavioral task: behavioral1
Sample: 946d57e17f85b6556069ab908af48b7e.exe
Resource: win7-20231215-en
Malware Config (extracted): redline
H: 65.21.103.71:56458
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- SectopRAT payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger