General
Target: 24aa9916ffc0c7a62ae9eaf5131a6bba469568bf
Size: 6.3MB
Sample: 241109-g4z65azbkr
MD5: 8fdf03a9d6ad1b0980736fecea679452
SHA1: 24aa9916ffc0c7a62ae9eaf5131a6bba469568bf
SHA256: da4857cd0ffbebdd106ac29c7235691b4be05d9606ce5ec73200a66160a65ae3
SHA512: 20cad91b57b09661591571e58ccf8eb7f3edd890607c1424379a42b17f9ef118d87d47dd46b5f0197e9f03be82805274322b8c0ecb6db78938067f416cb9a343
SSDEEP: 196608:F5KPulmV3d56bMNHoY1J2kYi0hOlbNpcZNd:SGsVK5MYtONjcZP
Behavioral task
behavioral1
Sample: a31c586f16980f56ec1d6b587804cb24.exe
Resource: win7-20240903-en
Malware Config
Extracted
Family: redline
Botnet: @s1ker777
C2: 193.106.191.160:8673
auth_value: dd3766491228ea046e9f9c737284a176
The C2 address and auth_value are pulled from the sample's embedded configuration; the IP:port pair is the indicator to block or hunt for in network telemetry.
Targets
Target: a31c586f16980f56ec1d6b587804cb24.exe.vir
Size: 740.7MB
MD5: a31c586f16980f56ec1d6b587804cb24
SHA1: 0c2a375217632b388b19f846a668eb293d1d40c3
SHA256: 8db63e77c99f5e2a1ab4cebf5c02344954c6ffcac712ff86e61a3f1fd098f4a1
SHA512: 86444306251a07d771c09d0ce05a66770cabc5ef410aa15b576a4b27ddbee579c88f336cb728513d316cd7a52679b8770e6e316eb92feed76e7b7c6ff1271314
SSDEEP: 393216:Z999999999999999999999999999/DTOtJepmVCLi+:78JepMCJ
Note that this is a different file from the General entry (different hashes, 740.7MB against 6.3MB); it is the executable the behavioral task actually ran. The long run of identical chunk hashes in the SSDEEP signature indicates large regions of repeated bytes, which is consistent with padding used to push the file past scanner and sandbox size limits; the report itself makes no statement about how the file reached that size.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox guests expose ACPI tables under the HARDWARE\ACPI registry hive whose names carry the hypervisor's vendor string; reading them is a cheap way to decide whether to run the payload.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Setting ThreadHideFromDebugger on a thread stops a debugger from receiving events for it, a common anti-debugging technique.
- Suspicious use of SetThreadContext
  Rewriting a thread's context is how process hollowing and thread hijacking redirect execution into injected code.
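The signatures above, and the C2 in the Malware Config section, are produced by matching sandbox telemetry against behavioural rules. The following is an added example of such a matcher, not code from the report or from the sandbox that generated it. It runs over a constructed trace (registry queries, API calls with arguments, and outbound connections, one event per line) and raises the same five findings: VirtualBox ACPI keys, BIOS version keys, NtSetInformationThread with class 0x11 (ThreadHideFromDebugger), SetThreadContext against a thread owned by another process, and a connection to the extracted C2. The exact registry paths (HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__ and the *Bios* values under HKLM\HARDWARE\DESCRIPTION\System) are the well-known locations these checks use, assumed here because the report does not list the values the sample read; the trace format, the `TargetPid` field and the process IDs are likewise assumptions for the example.

```python
"""Minimal behaviour-signature matcher over a sandbox trace (added example)."""
import re
from collections import defaultdict

# Well-known locations for these checks (assumption: the report names no exact keys).
VBOX_ACPI_RE = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
BIOS_INFO_RE = re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\.*Bios", re.I)
# ThreadHideFromDebugger is THREADINFOCLASS 0x11 (decimal 17).
HIDE_FROM_DEBUGGER_RE = re.compile(
    r"^NtSetInformationThread\(.*ThreadInformationClass=(0x11|17)\b", re.I)
# Assumed trace field: the pid that owns the thread handle passed to SetThreadContext.
SET_CONTEXT_RE = re.compile(r"^SetThreadContext\(.*TargetPid=(\d+)", re.I)
# C2 extracted from the sample's configuration in the report.
REDLINE_C2 = "193.106.191.160:8673"

# Constructed trace, not taken from the report: "kind|pid|detail" per line.
TRACE = r"""
reg_query|1234|HKLM\HARDWARE\ACPI\DSDT\VBOX__
reg_query|1234|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
reg_query|1234|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
api|1234|NtSetInformationThread(ThreadHandle=0xfc, ThreadInformationClass=0x11, ThreadInformation=NULL, Length=0)
api|1234|SetThreadContext(hThread=0x120, TargetPid=5678)
net_connect|1234|193.106.191.160:8673
api|2222|NtSetInformationThread(ThreadHandle=0x98, ThreadInformationClass=0x1e, ThreadInformation=0x7ff0, Length=4)
api|2222|SetThreadContext(hThread=0x44, TargetPid=2222)
reg_query|2222|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"""


def parse_event(line):
    """Split one trace line into (kind, pid, detail)."""
    kind, pid, detail = line.split("|", 2)
    return kind, int(pid), detail


def match_signatures(trace):
    """Return {pid: sorted list of signature names} for every process that fired a rule."""
    hits = defaultdict(set)
    for line in trace.strip().splitlines():
        kind, pid, detail = parse_event(line)
        if kind == "reg_query":
            if VBOX_ACPI_RE.match(detail):
                hits[pid].add("vbox_acpi_registry")
            elif BIOS_INFO_RE.match(detail):
                hits[pid].add("bios_info_registry")
        elif kind == "api":
            if HIDE_FROM_DEBUGGER_RE.match(detail):
                hits[pid].add("hide_from_debugger")
            m = SET_CONTEXT_RE.match(detail)
            # Rewriting a thread's context is only flagged across process boundaries;
            # a process touching its own threads is routine (e.g. exception handling).
            if m and int(m.group(1)) != pid:
                hits[pid].add("setthreadcontext_remote")
        elif kind == "net_connect" and detail == REDLINE_C2:
            hits[pid].add("redline_c2_connect")
    return {pid: sorted(names) for pid, names in hits.items()}


if __name__ == "__main__":
    for pid, names in match_signatures(TRACE).items():
        print(pid, ", ".join(names))
```

Process 1234 trips all five rules; process 2222 sets an unrelated thread information class and only touches its own thread, so it produces no findings. Loosen the `TargetPid` check and the SetThreadContext rule will fire on ordinary processes, which is the usual source of noise for this signature.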