General
-
Target
ef47cd0866ea91341b4d2abf3a90b76f1b106233d43cb6c48d2a644fd3798902
-
Size
2.6MB
-
Sample
220215-fj7vssahh5
-
MD5
4929791acec6252b9b64ac7d706dcc6e
-
SHA1
ce80dc41663e02c282c69192a8bbc514c11e46b2
-
SHA256
ef47cd0866ea91341b4d2abf3a90b76f1b106233d43cb6c48d2a644fd3798902
-
SHA512
45027a45de6bd7a6c08ae73c6e4797daff14c9978cc60cfc3bc8a35982412ae190ecafa2b9ba06ecc9ef2f675d32a89c4367a9b6daf1647411ededbc9d86ae6a
Static task
static1
Behavioral task
behavioral1
Sample
ef47cd0866ea91341b4d2abf3a90b76f1b106233d43cb6c48d2a644fd3798902.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
ef47cd0866ea91341b4d2abf3a90b76f1b106233d43cb6c48d2a644fd3798902.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
ef47cd0866ea91341b4d2abf3a90b76f1b106233d43cb6c48d2a644fd3798902
-
Size
2.6MB
-
MD5
4929791acec6252b9b64ac7d706dcc6e
-
SHA1
ce80dc41663e02c282c69192a8bbc514c11e46b2
-
SHA256
ef47cd0866ea91341b4d2abf3a90b76f1b106233d43cb6c48d2a644fd3798902
-
SHA512
45027a45de6bd7a6c08ae73c6e4797daff14c9978cc60cfc3bc8a35982412ae190ecafa2b9ba06ecc9ef2f675d32a89c4367a9b6daf1647411ededbc9d86ae6a
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-