General
-
Target
3c9ce581ee50de2ca3ad5f73b5666424
-
Size
9.7MB
-
Sample
210726-yg8c8eeqej
-
MD5
3c9ce581ee50de2ca3ad5f73b5666424
-
SHA1
7fb5c8773210dd2f4c3ad1c32c94ae49fc5b0fe4
-
SHA256
bf0b6e7c79d0507e85ebad255973e90fa1ee1b6ae2eb408c4866aeb9322a9e5c
-
SHA512
d87edc4966ff0b7629842437b71305d0d79b5fe32a999204ddf33ce20973ebbca5c3e7156911075310b26ab158bbc956b77b4c589ecf8e02c53e6417118857be
Malware Config
Targets
-
-
Target
3c9ce581ee50de2ca3ad5f73b5666424
-
Size
9.7MB
-
MD5
3c9ce581ee50de2ca3ad5f73b5666424
-
SHA1
7fb5c8773210dd2f4c3ad1c32c94ae49fc5b0fe4
-
SHA256
bf0b6e7c79d0507e85ebad255973e90fa1ee1b6ae2eb408c4866aeb9322a9e5c
-
SHA512
d87edc4966ff0b7629842437b71305d0d79b5fe32a999204ddf33ce20973ebbca5c3e7156911075310b26ab158bbc956b77b4c589ecf8e02c53e6417118857be
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-