General
- Target: fa7fd8469e83536604c81b88d93e53668ad1347865f61d8ec5b1d95bdf6185e4
- Size: 3.5MB
- Sample: 210727-7e5wwdnn3e
- MD5: b97b119d7aa0317dd791c072810d49ae
- SHA1: 9d45d400bd87543109b0fa4ccade6d0cb87c7324
- SHA256: fa7fd8469e83536604c81b88d93e53668ad1347865f61d8ec5b1d95bdf6185e4
- SHA512: 94510b6d98ee7bca104ef83e65d485a16f1a5cd1f851c400ce4129a296c5a8e87c613e0bd39f0d28522114f320a511cf76b1fc6fbea58e92199058984086401a
Malware Config
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger