General
-
Target
SecuriteInfo.com.Trojan.GenericKD.45172172.18303.29340
-
Size
2.5MB
-
Sample
201226-apzh7jbcps
-
MD5
726416c22fec0616dad74b6af93fdb2e
-
SHA1
7bec6c4668e9ace3464e40f9a32bf325fc815ed9
-
SHA256
5caf05d632263d6fcb361a630f017850caebd0c9851888a755c0dae99062df7e
-
SHA512
472cb84ca1a48af7317e0521bc6912e986ff614d6f26729cd2efc1c64a0e17e454b627b217b09d4955d07391a8ff6b5e454563711964f374d7eea216bec7b5dc
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Trojan.GenericKD.45172172.18303.29340
-
Size
2.5MB
-
MD5
726416c22fec0616dad74b6af93fdb2e
-
SHA1
7bec6c4668e9ace3464e40f9a32bf325fc815ed9
-
SHA256
5caf05d632263d6fcb361a630f017850caebd0c9851888a755c0dae99062df7e
-
SHA512
472cb84ca1a48af7317e0521bc6912e986ff614d6f26729cd2efc1c64a0e17e454b627b217b09d4955d07391a8ff6b5e454563711964f374d7eea216bec7b5dc
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-