General
-
Target
5acc5143f2427bba7eb2e16712bcd180.exe
-
Size
5.5MB
-
Sample
210313-kjv43twmbn
-
MD5
5acc5143f2427bba7eb2e16712bcd180
-
SHA1
01b197088e4408f541ada689887bd6b2e00c1def
-
SHA256
d20e9e79cb9806f16e3ecca36122fd43c684145729c699c5d7099d7f70ff369c
-
SHA512
dfc1ea423bf094d180e87b80c39bdef41cd5de075a1ebf49c2a250b7eefd727c28a4cc0774cf8c418e6285bfb36a444e5804027132dd0e66ff34ab176ff09e80
Behavioral task
behavioral1
Sample
5acc5143f2427bba7eb2e16712bcd180.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
5acc5143f2427bba7eb2e16712bcd180.exe
-
Size
5.5MB
-
MD5
5acc5143f2427bba7eb2e16712bcd180
-
SHA1
01b197088e4408f541ada689887bd6b2e00c1def
-
SHA256
d20e9e79cb9806f16e3ecca36122fd43c684145729c699c5d7099d7f70ff369c
-
SHA512
dfc1ea423bf094d180e87b80c39bdef41cd5de075a1ebf49c2a250b7eefd727c28a4cc0774cf8c418e6285bfb36a444e5804027132dd0e66ff34ab176ff09e80
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-