General
-
Target
SecuriteInfo.com.Variant.Bulz.392162.30748.358
-
Size
5.1MB
-
Sample
210315-bneq5wsdcj
-
MD5
7944dba0e2f775e78ea960caccd0b37a
-
SHA1
3e262dd3efe917394cb2fab5bc10444d5980ae45
-
SHA256
fb8a2b78f0d3139d8192dbeb925e8e8d13bf370540f2c7853107a8e4b3beac38
-
SHA512
b2bcecbf6a5218b8fa667c2ada79743b1fe61f3f833356a5ea7df71dec5c5ece1f409b76bc8314bc84953cc1dc250a3c5a7716044a4d08ea8d64a6da53982afe
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Variant.Bulz.392162.30748.358
-
Size
5.1MB
-
MD5
7944dba0e2f775e78ea960caccd0b37a
-
SHA1
3e262dd3efe917394cb2fab5bc10444d5980ae45
-
SHA256
fb8a2b78f0d3139d8192dbeb925e8e8d13bf370540f2c7853107a8e4b3beac38
-
SHA512
b2bcecbf6a5218b8fa667c2ada79743b1fe61f3f833356a5ea7df71dec5c5ece1f409b76bc8314bc84953cc1dc250a3c5a7716044a4d08ea8d64a6da53982afe
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
themida
Detects Themida, Advanced Windows software protection system.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-