General
-
Target
f7521eec1c0dd8ba2c4d344c3befe56fab15f8dd3d712b473d6a6efa631753dc
-
Size
2.8MB
-
Sample
220215-e96jzsagf9
-
MD5
f3b1796bc60de9fe31bd2ecc365f74e1
-
SHA1
1a95217a3d5f90f537874f9c75724037e1bdae26
-
SHA256
f7521eec1c0dd8ba2c4d344c3befe56fab15f8dd3d712b473d6a6efa631753dc
-
SHA512
2e04a77e18e5b6b599117c673f64bd8c9a610be11411614198970368697d8496c1bc428655b1fc7e91cc68e6d9f0f71b160e5c974da348677d2687240231d4e0
Malware Config
Targets
-
-
Target
f7521eec1c0dd8ba2c4d344c3befe56fab15f8dd3d712b473d6a6efa631753dc
-
Size
2.8MB
-
MD5
f3b1796bc60de9fe31bd2ecc365f74e1
-
SHA1
1a95217a3d5f90f537874f9c75724037e1bdae26
-
SHA256
f7521eec1c0dd8ba2c4d344c3befe56fab15f8dd3d712b473d6a6efa631753dc
-
SHA512
2e04a77e18e5b6b599117c673f64bd8c9a610be11411614198970368697d8496c1bc428655b1fc7e91cc68e6d9f0f71b160e5c974da348677d2687240231d4e0
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-