General
- Target: 29d0bf8a76f51a9ec7d39f90cd7a5f57.exe
- Size: 5.1MB
- Sample: 210314-wb2mf7jl3x
- MD5: 29d0bf8a76f51a9ec7d39f90cd7a5f57
- SHA1: d954337798846a9b8fb2609f94f287dbe63a03f8
- SHA256: 7fb4f8f5f89b3fb2a4e9a6605763436ebb679198ee5ebbcde8972bb1e20a8da5
- SHA512: 7020b1b21b27674d7a6d1b4b9708161818eecca8f743a37bcb80371e12d7452d522a65672529e41d392007e94427726ac60a6e6f87cf9f8c5cc1f09bf1a675ea

Static task: static1
Behavioral task: behavioral1
- Sample: 29d0bf8a76f51a9ec7d39f90cd7a5f57.exe
- Resource: win7v20201028
Malware Config
Targets
- Target: 29d0bf8a76f51a9ec7d39f90cd7a5f57.exe (5.1MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger