General
Target: cb3b7d083c31cb29d90e61768070ab7697abc0fa9922d5abb63f16d2db34684d
Size: 3.0 MB
Sample: 210727-dt9kctw3dj
MD5: 9bfb6f01c5d2798f310d986f994a5677
SHA1: b1473cbb969df0888e73e6820d0f2927a0d2d257
SHA256: cb3b7d083c31cb29d90e61768070ab7697abc0fa9922d5abb63f16d2db34684d
SHA512: b2ab89ddebae80a2f5c2d75a48bb7c3078e6dbe891a1545f0a14f7b10e38a9f496125b0cacdda8766ca76869360686b79a6edbcf7307eefa814511b8956d0811
Static task: static1
Malware Config
Targets
Target: cb3b7d083c31cb29d90e61768070ab7697abc0fa9922d5abb63f16d2db34684d (the same file as above; size and MD5/SHA1/SHA256/SHA512 are as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox publishes ACPI tables with the OEM ID VBOX__, which Windows exposes under HKLM\HARDWARE\ACPI; reading those keys is a common check for running inside a VirtualBox guest.

Checks BIOS information in registry
BIOS information (for example the SystemBiosVersion and VideoBiosVersion values under HKLM\HARDWARE\DESCRIPTION\System) is often read in order to detect sandboxing environments.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up entries under the Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) in the registry to enumerate software on the system.

Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger class stops debug events from that thread being delivered to an attached debugger; outside of debugging tools this is an anti-debugging technique.
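The three registry-based signatures above (VirtualBox ACPI keys, BIOS values, Uninstall-key enumeration) can be reproduced as a small rule set over a sandbox's registry-access trace, which is useful when re-triaging a sample in a different sandbox. What follows is an added example written for this page, not the sandbox's own rule engine and not RedLine code: the (pid, operation, path) event format, the exact key list behind each rule and the trace events themselves are constructed assumptions.

```python
"""Map registry-access events from a sandbox trace onto the anti-analysis and
reconnaissance behaviours listed in the report (added example, not the
sandbox's own rule engine). Event format (pid, operation, path) is assumed."""
import re
from collections import defaultdict

# Hive aliases, so one rule matches whichever spelling the trace uses.
_HIVES = {
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_CLASSES_ROOT": "HKCR",
    "HKEY_USERS": "HKU",
}
_NATIVE = {"MACHINE": "HKLM", "USER": "HKU"}  # NT-native \REGISTRY\MACHINE\... form

# (signature name, regex over a normalised path). The key names are the ones
# these signatures are built around; the regexes themselves are this example's.
RULES = [
    ("Identifies VirtualBox via ACPI registry values",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
                r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I)),
    ("Checks installed software on the system",
     re.compile(r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\"
                r"CurrentVersion\\Uninstall(\\|$)", re.I)),
]


def normalise_path(path: str) -> str:
    """Return the path with a short hive name and backslash separators."""
    parts = path.strip().replace("/", "\\").lstrip("\\").split("\\")
    if parts[0].upper() == "REGISTRY" and len(parts) > 1:
        parts = [_NATIVE.get(parts[1].upper(), parts[1].upper())] + parts[2:]
    parts[0] = _HIVES.get(parts[0].upper(), parts[0].upper())
    return "\\".join(parts)


def classify(path: str):
    """Return the signature name a registry path trips, or None."""
    norm = normalise_path(path)
    for name, rx in RULES:
        if rx.search(norm):
            return name
    return None


def summarise(events):
    """events: iterable of (pid, op, path). Returns {signature: sorted paths}."""
    hits = defaultdict(set)
    for _pid, _op, path in events:
        sig = classify(path)
        if sig:
            hits[sig].add(normalise_path(path))
    return {sig: sorted(paths) for sig, paths in hits.items()}


# Constructed trace, not the report's real one: the first five events mimic
# the behaviours flagged above ({GUID} stands in for a product subkey), the
# last is an ordinary Run-key read that should not trip any rule.
SAMPLE_EVENTS = [
    (1234, "RegOpenKey",    r"HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__"),
    (1234, "RegQueryValue", r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    (1234, "RegQueryValue", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion"),
    (1234, "RegEnumKey",    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    (1234, "RegEnumKey",    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}"),
    (1234, "RegOpenKey",    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"),
]

if __name__ == "__main__":
    for sig, paths in summarise(SAMPLE_EVENTS).items():
        print(sig)
        for p in paths:
            print("   ", p)
```

Paths are normalised before matching so that the Win32 (HKEY_LOCAL_MACHINE), abbreviated (HKLM) and NT-native (\REGISTRY\MACHINE) spellings that different tracers emit all hit the same rule; a read of the parent HKLM\HARDWARE\DESCRIPTION\System key alone is deliberately not counted as a BIOS check, since many benign programs open it.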