General
-
Target
edb0c74f18c0e4c8eddc9c5c0970f2bb18fc335aef2034d49944790f65620713
-
Size
2.8MB
-
Sample
220215-fmdq5abab4
-
MD5
232cd8bb745f6821bf0c2caad245ddf7
-
SHA1
cd5d4890aea05d840eef6df8e8e08c5bab5cf937
-
SHA256
edb0c74f18c0e4c8eddc9c5c0970f2bb18fc335aef2034d49944790f65620713
-
SHA512
2ce921d857b9edca1b4e14684a58b28be1677ca8850d35544c74bccf782d21596a7657b11b9a9be968b88cecd6e28dbc08c2574f011f349639d088b5efc4e9a3
Static task
static1
Behavioral task
behavioral1
Sample
edb0c74f18c0e4c8eddc9c5c0970f2bb18fc335aef2034d49944790f65620713.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
edb0c74f18c0e4c8eddc9c5c0970f2bb18fc335aef2034d49944790f65620713.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
edb0c74f18c0e4c8eddc9c5c0970f2bb18fc335aef2034d49944790f65620713
-
Size
2.8MB
-
MD5
232cd8bb745f6821bf0c2caad245ddf7
-
SHA1
cd5d4890aea05d840eef6df8e8e08c5bab5cf937
-
SHA256
edb0c74f18c0e4c8eddc9c5c0970f2bb18fc335aef2034d49944790f65620713
-
SHA512
2ce921d857b9edca1b4e14684a58b28be1677ca8850d35544c74bccf782d21596a7657b11b9a9be968b88cecd6e28dbc08c2574f011f349639d088b5efc4e9a3
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-