Overview

overview

10

Static

static

10

291fb99990...ca.exe

windows7_x64

10

291fb99990...ca.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    291fb9999009b5cb5e1ce39a6c58472291cdaaaeeea56beb6a4d0b7925574dca

  • Size

    2.6MB

  • Sample

    210228-q9nsx9fyya

  • MD5

    7d5efe07472bd441a9d6b3eefc33008f

  • SHA1

    bd2d32b6b2145489eb7cf1371315bf97661e7f86

  • SHA256

    291fb9999009b5cb5e1ce39a6c58472291cdaaaeeea56beb6a4d0b7925574dca

  • SHA512

    49e87152870ddecfc8695fce4d6c81d0bab0889be26c85a3b14b0abf1f60cb848f63c244fde55266c72d58ac1a2c7e38e633b828e8177dc64fbda2c8e003c7bb

Score
10/10
redlineevasioninfostealerthemidatrojan

Malware Config

Targets

    • Target

      291fb9999009b5cb5e1ce39a6c58472291cdaaaeeea56beb6a4d0b7925574dca

    • Size

      2.6MB

    • MD5

      7d5efe07472bd441a9d6b3eefc33008f

    • SHA1

      bd2d32b6b2145489eb7cf1371315bf97661e7f86

    • SHA256

      291fb9999009b5cb5e1ce39a6c58472291cdaaaeeea56beb6a4d0b7925574dca

    • SHA512

      49e87152870ddecfc8695fce4d6c81d0bab0889be26c85a3b14b0abf1f60cb848f63c244fde55266c72d58ac1a2c7e38e633b828e8177dc64fbda2c8e003c7bb

    Score
    10/10
    redlineevasioninfostealerthemidatrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • themida

      Detects Themida, Advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks