redline

General

Target

70d34f5f6c1eb08f1dcc534a2c3eea81.exe
Size

4.4MB
Sample

210722-4mwjtq1hkj
MD5

70d34f5f6c1eb08f1dcc534a2c3eea81
SHA1

94bc98926077108bdd80856ff10c31bb159adebe
SHA256

76acd8a497e85765a133bdd3c90cb26d257f029c45d73c52b4effc06f94a2555
SHA512

2af35b87a280f0d66cb4df7ba9543de6ffa4ee912499d53ec507da0523fe6006eae45ddb569aee9d7e026e284f3edb4d30386049fb9b807e5b3e84e200a6c833

Score

10^/10

Malware Config

Targets

- Target
  
  70d34f5f6c1eb08f1dcc534a2c3eea81.exe
- Size
  
  4.4MB
- MD5
  
  70d34f5f6c1eb08f1dcc534a2c3eea81
- SHA1
  
  94bc98926077108bdd80856ff10c31bb159adebe
- SHA256
  
  76acd8a497e85765a133bdd3c90cb26d257f029c45d73c52b4effc06f94a2555
- SHA512
  
  2af35b87a280f0d66cb4df7ba9543de6ffa4ee912499d53ec507da0523fe6006eae45ddb569aee9d7e026e284f3edb4d30386049fb9b807e5b3e84e200a6c833
Score

10^/10

redline discovery evasion infostealer spyware stealer themida trojan vmprotect
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2