General
-
Target
60aa3872c986eeacf55f0a0e935865a3
-
Size
3.0MB
-
Sample
210721-dnf6bt7lrx
-
MD5
60aa3872c986eeacf55f0a0e935865a3
-
SHA1
ceef478652b613149597a55cceb44d3c3c9aadc8
-
SHA256
b61afe14307f31673f7ca5970d1bc8226dc21ef34a3f71a549025bf5babb3e86
-
SHA512
fb9fc57b78a778cef221dc312a960986497b21176170c00292fa17e3f164365d69ccaf928fc7869ae3e8aaa91e6ddc7cd82839569439c139cc13dd879888da32
Behavioral task
behavioral1
Sample
60aa3872c986eeacf55f0a0e935865a3.exe
Resource
win7v20210408
Malware Config
Targets
-
-
Target
60aa3872c986eeacf55f0a0e935865a3
-
Size
3.0MB
-
MD5
60aa3872c986eeacf55f0a0e935865a3
-
SHA1
ceef478652b613149597a55cceb44d3c3c9aadc8
-
SHA256
b61afe14307f31673f7ca5970d1bc8226dc21ef34a3f71a549025bf5babb3e86
-
SHA512
fb9fc57b78a778cef221dc312a960986497b21176170c00292fa17e3f164365d69ccaf928fc7869ae3e8aaa91e6ddc7cd82839569439c139cc13dd879888da32
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-