General
-
Target
f473db9853e1af852d73f80f5a2c7e3e14060a856a9de15029a42ebfdac50831
-
Size
2.9MB
-
Sample
220215-fdcgpscdbp
-
MD5
888d0a97e0d496efec74346ac8756848
-
SHA1
9029663a1ff39b5ddf31f35cdcf72196e1995fa1
-
SHA256
f473db9853e1af852d73f80f5a2c7e3e14060a856a9de15029a42ebfdac50831
-
SHA512
7d4ef820109c5a6876d228a4cbcd2f5088d1b271d9b11cfafffa74eaf9d0e65476276909c322a82dbcdc221e7f85dbb8da4365083a004630b7bcd8476dfc48e4
Static task
static1
Behavioral task
behavioral1
Sample
f473db9853e1af852d73f80f5a2c7e3e14060a856a9de15029a42ebfdac50831.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
f473db9853e1af852d73f80f5a2c7e3e14060a856a9de15029a42ebfdac50831.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
f473db9853e1af852d73f80f5a2c7e3e14060a856a9de15029a42ebfdac50831
-
Size
2.9MB
-
MD5
888d0a97e0d496efec74346ac8756848
-
SHA1
9029663a1ff39b5ddf31f35cdcf72196e1995fa1
-
SHA256
f473db9853e1af852d73f80f5a2c7e3e14060a856a9de15029a42ebfdac50831
-
SHA512
7d4ef820109c5a6876d228a4cbcd2f5088d1b271d9b11cfafffa74eaf9d0e65476276909c322a82dbcdc221e7f85dbb8da4365083a004630b7bcd8476dfc48e4
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-