General
-
Target
53f48c5691d5624fbae75822425af2e7a40e1164f7bee1a450fa4ddb0a3fd95b
-
Size
1.4MB
-
Sample
241104-zj8xmszkck
-
MD5
42777b129a7ac23533e2f2395b0b6ce5
-
SHA1
39bd402b6e443f1e4428a2cd3df3ce14aee29077
-
SHA256
53f48c5691d5624fbae75822425af2e7a40e1164f7bee1a450fa4ddb0a3fd95b
-
SHA512
aee3343fdb73d07f4fa18725402c69dc885904171c9b821d63f3c9edc5ef99367334f1e39aa9b8f5f66569335f418942ea5401de5eebc6d10a9c0103c7be99db
-
SSDEEP
24576:YVs/786BMc3Hpy+fNymQ6QFw5fgTn0jHkom2KaN4/Epocc9UV5fFEgf8boorkEac:Yy786Bd3HgwydsIAjH/mlaC3cc9UVNFo
Static task
static1
Behavioral task
behavioral1
Sample
53f48c5691d5624fbae75822425af2e7a40e1164f7bee1a450fa4ddb0a3fd95b.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
53f48c5691d5624fbae75822425af2e7a40e1164f7bee1a450fa4ddb0a3fd95b.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
saninolece.xyz:80
-
auth_value
9b143aa40fe6c853e0ddebdf496de748
Targets
-
-
Target
53f48c5691d5624fbae75822425af2e7a40e1164f7bee1a450fa4ddb0a3fd95b
-
Size
1.4MB
-
MD5
42777b129a7ac23533e2f2395b0b6ce5
-
SHA1
39bd402b6e443f1e4428a2cd3df3ce14aee29077
-
SHA256
53f48c5691d5624fbae75822425af2e7a40e1164f7bee1a450fa4ddb0a3fd95b
-
SHA512
aee3343fdb73d07f4fa18725402c69dc885904171c9b821d63f3c9edc5ef99367334f1e39aa9b8f5f66569335f418942ea5401de5eebc6d10a9c0103c7be99db
-
SSDEEP
24576:YVs/786BMc3Hpy+fNymQ6QFw5fgTn0jHkom2KaN4/Epocc9UV5fFEgf8boorkEac:Yy786Bd3HgwydsIAjH/mlaC3cc9UVNFo
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-