General

Target: 60a0a96914db4a17b095d08e300bf1a354228cc7591f0a90e5e765e48c30834a
Size: 465KB
Sample: 241108-rh1wmstenn
MD5: f1ca23dbcd5f61d1dd5794a0d1016f97
SHA1: 3e84962c00b284632057521132fd2ac8a58d4373
SHA256: 60a0a96914db4a17b095d08e300bf1a354228cc7591f0a90e5e765e48c30834a
SHA512: 503134f0c3f51c837a5ef77c24239912996baf09e5468733fccacf454e0fdd28ab72db494813e7d5f72c2673a1341779839b0796315168b55deecafe8daa44e1
SSDEEP: 12288:q1C94ZEqbjSQvOplqrRfpZe/97e6RKJ2CTkl8rnYw5wqcB21rii:uC94ZZYErBze/5eGa2WRtwqcUF
Static task: static1
Behavioral task: behavioral1
Sample: RQF #00811-AL WASL MACHINERY.exe
Resource: win7-20241010-en

Malware Config

Extracted
Family: redline
Botnet: bk
C2: 212.192.246.222:11418
Targets

Target: RQF #00811-AL WASL MACHINERY.exe
Size: 754KB
MD5: 0c2e3011179bd1933d70bd7a50946730
SHA1: eaff2c6db824fbc5426db7b5df01449f5e991d7a
SHA256: 950b38612b5652e628dc6d55dffa1093dc4ed789d973be4278262d7257a8e81b
SHA512: aaa5b53041ace4925778c526cd05bc3c3a308bde8d6462228c1033318b1b40c0df50173e7252c388019f898988771fee5349b52686822c3d388cf929e51e5ca6
SSDEEP: 12288:uoWHNszbQkYxUBLrOWsDlRERzEpb7NAVzErv0pdcCQ2/xEXmg:hWts+xcrOWsDlRswpb7UzET0NdEXmg

Note that this 754KB executable is a different file from the 465KB submission in the General section: the two hash sets above do not match and both should be tracked as indicators.
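The hashes and the C2 endpoint above are the indicators a responder would sweep for. The following is an added example, not sandbox output and not code from the RedLine sample: it loads the report's hashes and C2 into an offline matcher, compares arbitrary file contents against the hashes, and classifies firewall-style log lines against the C2, distinguishing an exact host:port hit from a host-only hit (a later build may talk to the same host on another port). The log lines and the test buffer are constructed here, not taken from the run.

```python
"""Offline IOC matcher built from the indicators in this report.

Added example, not sandbox output. The hashes and the C2 endpoint are the
ones listed in the report above; the buffers and log lines further down are
constructed here so the script runs without network or disk access.
"""
import hashlib
import re

# File hashes from the report: the submitted sample and the extracted target.
FILE_HASHES = {
    "md5": {
        "f1ca23dbcd5f61d1dd5794a0d1016f97",
        "0c2e3011179bd1933d70bd7a50946730",
    },
    "sha1": {
        "3e84962c00b284632057521132fd2ac8a58d4373",
        "eaff2c6db824fbc5426db7b5df01449f5e991d7a",
    },
    "sha256": {
        "60a0a96914db4a17b095d08e300bf1a354228cc7591f0a90e5e765e48c30834a",
        "950b38612b5652e628dc6d55dffa1093dc4ed789d973be4278262d7257a8e81b",
    },
}

# RedLine C2 from the extracted configuration.
C2_HOST = "212.192.246.222"
C2_PORT = 11418


def hash_bytes(data: bytes) -> dict:
    """Compute the three digests the report lists for a buffer."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(data: bytes) -> list:
    """Return the algorithms under which `data` equals a reported sample (empty if none)."""
    return [alg for alg, digest in hash_bytes(data).items() if digest in FILE_HASHES[alg]]


def match_file(path: str) -> list:
    """Hash a file on disk and compare it against the report's hashes."""
    with open(path, "rb") as fh:
        return match_hashes(fh.read())


# IPv4 endpoint written as "ip:port", the form firewall, proxy and Sysmon-derived logs commonly use.
_ENDPOINT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})")


def classify_c2(line: str):
    """Classify one log line against the C2.

    Returns "host+port" for an exact hit, "host" when only the IP matches
    (still worth a look: a later build may use another port on the same host),
    or None when the line is unrelated.
    """
    result = None
    for host, port in _ENDPOINT_RE.findall(line):
        if host != C2_HOST:
            continue
        if int(port) == C2_PORT:
            return "host+port"
        result = "host"
    return result


def scan_log(lines) -> list:
    """Return (line_index, match_kind) for every line that references the C2 host."""
    hits = []
    for idx, line in enumerate(lines):
        kind = classify_c2(line)
        if kind:
            hits.append((idx, kind))
    return hits


# Constructed firewall-style log lines (not from the sandbox run) for a dry run.
SAMPLE_LOG = [
    "2024-11-08T10:14:02Z src=10.0.5.23:49812 dst=212.192.246.222:11418 proto=tcp action=allow",
    "2024-11-08T10:14:05Z src=10.0.5.23:49813 dst=212.192.246.222:443 proto=tcp action=allow",
    "2024-11-08T10:14:09Z src=10.0.5.23:49814 dst=93.184.216.34:443 proto=tcp action=allow",
]

if __name__ == "__main__":
    for idx, kind in scan_log(SAMPLE_LOG):
        print(f"line {idx}: {kind}: {SAMPLE_LOG[idx]}")
    print("constructed buffer matches:", match_hashes(b"not the sample"))
```

Hash matching is exact, so it only catches these two files; the SSDEEP values in the report are the ones to use for near-duplicate builds, with a fuzzy-hash library rather than this script.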
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Redline family
- SectopRAT payload
- Sectoprat family
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
  SetThreadContext is the call process hollowing and similar injection techniques use to point a suspended thread at injected code, which is why a sandbox flags it.
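The four registry signatures above describe the same decision a stealer makes before unpacking: read a handful of keys and bail out if they describe a virtual machine. The following is an added example, not code recovered from this sample, that replays those checks against an in-memory registry snapshot so they can be run on any OS. The key paths and value names are the well-known locations these checks read and are an assumption about where this sample looks, not a disassembly result; the two snapshots are constructed. On Windows, snapshot_from_winreg() collects the same keys with the standard-library winreg module.

```python
"""Replay of the registry-based sandbox checks the report flags, run against
an in-memory snapshot of the registry.

Added example, not code recovered from the sample. Key paths and value names
are the well-known locations these checks read (an assumption about this
sample), and the snapshots below are constructed so the script runs on any OS.
"""

# (signature text as worded in the report, key, value name or None for an existence check)
CHECKS = [
    ("Looks for VirtualBox Guest Additions in registry",
     r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions", None),
    ("Looks for VMWare Tools registry key",
     r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools", None),
    ("Checks BIOS information in registry",
     r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    ("Maps connected drives based on registry",
     r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum", "0"),
]

# Vendor strings a stealer typically searches for in BIOS and disk identifiers (assumption).
VM_MARKERS = ("vbox", "virtualbox", "vmware", "qemu", "bochs", "xen", "virtual")


def _contains_marker(data) -> bool:
    """True if any VM marker occurs in a REG_SZ string or a REG_MULTI_SZ list."""
    if isinstance(data, (list, tuple)):
        data = " ".join(str(item) for item in data)
    text = str(data).lower()
    return any(marker in text for marker in VM_MARKERS)


def run_checks(snapshot: dict) -> list:
    """Return the report signatures that fire on `snapshot`, in report order.

    `snapshot` maps a key path to a dict of its values; a missing key means the
    key does not exist. Existence checks fire when the key is present; the BIOS
    and disk checks fire only when the data carries a VM marker, which is what
    the stealer acts on.
    """
    fired = []
    for description, key, value_name in CHECKS:
        values = snapshot.get(key)
        if values is None:
            continue
        if value_name is None or _contains_marker(values.get(value_name, "")):
            fired.append(description)
    return fired


def looks_like_vm(snapshot: dict) -> bool:
    """The go/no-go decision a stealer derives from the checks."""
    return bool(run_checks(snapshot))


def snapshot_from_winreg() -> dict:
    """Build the snapshot from the live registry (Windows only; raises ImportError elsewhere)."""
    import winreg
    snapshot = {}
    for _, key, value_name in CHECKS:
        subkey = key.split("\\", 1)[1]          # strip the HKLM\ prefix
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as handle:
                values = {}
                if value_name is not None:
                    values[value_name], _ = winreg.QueryValueEx(handle, value_name)
                snapshot[key] = values
        except OSError:
            pass                                # key or value absent: leave it out
    return snapshot


# Constructed snapshots (not taken from the sandbox VM). Disk\Enum value "0" holds the
# first disk's device instance path; SystemBiosVersion is a REG_MULTI_SZ list.
VBOX_SNAPSHOT = {
    r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions": {"Version": "7.0.20"},
    r"HKLM\HARDWARE\DESCRIPTION\System": {"SystemBiosVersion": ["VBOX   - 1"]},
    r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum": {
        "Count": 1,
        "0": r"IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&1abf7e54&0&0.0.0",
    },
}

BARE_METAL_SNAPSHOT = {
    r"HKLM\HARDWARE\DESCRIPTION\System": {"SystemBiosVersion": ["DELL   - 1072009", "1.14.0"]},
    r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum": {
        "Count": 1,
        "0": r"SCSI\Disk&Ven_NVMe&Prod_Samsung_SSD_970\4&2a1b3c4d&0&000000",
    },
}

if __name__ == "__main__":
    for name, snap in (("vbox", VBOX_SNAPSHOT), ("bare metal", BARE_METAL_SNAPSHOT)):
        print(name, "->", run_checks(snap) or "no VM artifacts")
```

Two practical consequences follow. For an analysis VM, the artifacts the checks key on (the Guest Additions or VMware Tools key, the vendor string in SystemBiosVersion and in the disk device path) are what has to be removed or renamed before this sample will run past its checks. For detection, these are registry reads: Sysmon's registry events (12, 13, 14) record key and value creation, modification, deletion and renaming, not QueryValue, so the behaviour shows up in sandbox API monitoring or EDR registry-read telemetry rather than in a Sysmon feed.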