General
- Target: df882019f27f70c1048701cfba8b61c03417fbe29525cb8debea6815b96423d4
- Size: 3.3MB
- Sample: 210727-mpfxyf9q2s
- MD5: 10b704043c5830e1e8cd977676b95738
- SHA1: 33f4164c2705d691b6cf59a4a834b5747e22d4d1
- SHA256: df882019f27f70c1048701cfba8b61c03417fbe29525cb8debea6815b96423d4
- SHA512: dec5dcfec3138ecf14f2d1129fbc2967b00522cd8b331f9456604575e4f0115c2d53c3b0df88a06edb3e6baac6a1939aedeec3a43697b334b4dac7694e442888
Malware Config
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger