General
- Target: e2f7bcd1daac067dbf331d25be08b63d9577cb4246e7f8ee39181d91420a2a52
- Size: 2.7MB
- Sample: 220215-f1aavsbbg5
- MD5: 3059f6b1e936e93c7d7a2e3ca9d8bc10
- SHA1: 7842de9af38f52b75b990a1490dc6e8e7d4045a8
- SHA256: e2f7bcd1daac067dbf331d25be08b63d9577cb4246e7f8ee39181d91420a2a52
- SHA512: 94e68d80113b830911b9ec5dc4bc2485cfcf87d103d20276c122a22a1c77b1b11d7be328a5e4cf50a3c2cea4088cc8041b8e28b0c6f2f192b846ce09f991c6ad

Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: e2f7bcd1daac067dbf331d25be08b63d9577cb4246e7f8ee39181d91420a2a52.exe
  - Resource: win7-en-20211208
- Behavioral task: behavioral2
  - Sample: e2f7bcd1daac067dbf331d25be08b63d9577cb4246e7f8ee39181d91420a2a52.exe
  - Resource: win10v2004-en-20220112
Malware Config
Targets
- Target: e2f7bcd1daac067dbf331d25be08b63d9577cb4246e7f8ee39181d91420a2a52
  - Score: 10/10
  - RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - RedLine Payload
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
  - Suspicious use of NtSetInformationThreadHideFromDebugger