General
-
Target
6516689d40817b7ab997b4e6697e6b9f.exe
-
Size
2.5MB
-
Sample
201226-sb8y8z2qrj
-
MD5
6516689d40817b7ab997b4e6697e6b9f
-
SHA1
3150b7b1c5281a078a8f318e62e49c11b48505ba
-
SHA256
771abcaf7448313442e2b56a227ca3273f97872133894cad5039e50b1f4426e8
-
SHA512
acc07910ba62e67001de4f6cb15868736dfcfb718a2fbcf4db1057f7499f651098106fbd38de4f7f6ce41a27de38081450c45348ab55a4ba1334c478326ed19b
Malware Config
Targets
-
-
Target
6516689d40817b7ab997b4e6697e6b9f.exe
-
Size
2.5MB
-
MD5
6516689d40817b7ab997b4e6697e6b9f
-
SHA1
3150b7b1c5281a078a8f318e62e49c11b48505ba
-
SHA256
771abcaf7448313442e2b56a227ca3273f97872133894cad5039e50b1f4426e8
-
SHA512
acc07910ba62e67001de4f6cb15868736dfcfb718a2fbcf4db1057f7499f651098106fbd38de4f7f6ce41a27de38081450c45348ab55a4ba1334c478326ed19b
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-