General
- Target: 63f8ef0e77508ba0575dc2b12af51d6416d9eb4bab6ad9b2380fd9a8cbbb9121
- Size: 3.0MB
- Sample: 210727-va1mbzv7ba
- MD5: f056f59345899c6b99966d6b1c1a7d64
- SHA1: 8725b1ef0a299c75c65e0956918d41d801e4fa1d
- SHA256: 63f8ef0e77508ba0575dc2b12af51d6416d9eb4bab6ad9b2380fd9a8cbbb9121
- SHA512: 6bb60eef6366e928f8f7d9b1d9014e9e4bc3b64936d39ac94747390a2bab1261b322bd89f4e7fccb673ec24a6649add5c5e2504b7c1157786bee48dafc0ba244
Static task: static1
Malware Config
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Hiding a thread from the debugger via NtSetInformationThread is a common anti-debugging technique.