General
Target: e9185403a9332d7672f0150140186aacf59280afbb100ef2aab8866027f69ade
Size: 2.7MB
Sample: 220215-fr6mpscefj
MD5: a6de641f872410817c34618c203b0809
SHA1: a88898d5b0a40fbce8af43eacb10f606c17ad66e
SHA256: e9185403a9332d7672f0150140186aacf59280afbb100ef2aab8866027f69ade
SHA512: bc873dcdc1cb110e874242e61f568b27a16bc9185f78f1399c6a03a547d51df7240d2069f75bb587f2562bb343a8e24967c0c8e17e510dbbe486c9bf29d783ac
Static task: static1
Behavioral task: behavioral1
Sample: e9185403a9332d7672f0150140186aacf59280afbb100ef2aab8866027f69ade.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: e9185403a9332d7672f0150140186aacf59280afbb100ef2aab8866027f69ade.exe
Resource: win10v2004-en-20220113
Malware Config
Targets
Target: e9185403a9332d7672f0150140186aacf59280afbb100ef2aab8866027f69ade (2.7MB; same file and hashes as listed under General)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger (NtSetInformationThread with the ThreadHideFromDebugger information class, an anti-debugging technique)
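The three behavioural signatures above describe what the sample did, not how a detector recognises it. The following is an added example, not part of this sandbox report and not code from the RedLine sample or the sandbox: it encodes the publicly known indicators behind each signature (the VirtualBox ACPI table keys named VBOX__ under HKLM\HARDWARE\ACPI, the BIOS identity keys under HKLM\HARDWARE\DESCRIPTION\System, and ThreadInformationClass 0x11 = ThreadHideFromDebugger) as a small rule set and runs it over a constructed API trace. The one-call-per-line trace format, the process IDs and the call arguments are invented for the example; the exact rules the sandbox used are not published on this page.

```python
"""Rule set for the three RedLine behavioural signatures in the report.

Added example (not the report's own logic). The trace format below is an
assumption made for the example; real tooling (Procmon, API monitors,
sandbox traces) uses its own formats and would need its own parser.
"""
import re

# NtSetInformationThread information class that hides the calling thread
# from an attached debugger (THREADINFOCLASS.ThreadHideFromDebugger == 17).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# ACPI table keys that only exist when the firmware OEM id is "VBOX",
# i.e. when running under VirtualBox.
VBOX_ACPI_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)

# Registry locations that expose BIOS / firmware identity strings, which
# sandbox-aware malware compares against hypervisor vendor names.
BIOS_KEY_PREFIXES = (
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS",
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
)

REGISTRY_APIS = ("RegOpenKeyExW", "RegOpenKeyExA",
                 "RegQueryValueExW", "RegQueryValueExA")

# Assumed trace line shape: "<pid> <api>(<arg>, <arg>, ...)"
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")


def parse_line(line):
    """Parse one trace line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    args = [a.strip().strip('"') for a in m.group("args").split(",")]
    return {"pid": int(m.group("pid")), "api": m.group("api"), "args": args}


def classify(event):
    """Return the set of signature names (as worded in the report) the event matches."""
    hits = set()
    api, args = event["api"], event["args"]
    if api in REGISTRY_APIS and args:
        key = args[0].upper()          # registry paths are case-insensitive
        if any(key.startswith(k.upper()) for k in VBOX_ACPI_KEYS):
            hits.add("Identifies VirtualBox via ACPI registry values (likely anti-VM)")
        if any(key.startswith(k.upper()) for k in BIOS_KEY_PREFIXES):
            hits.add("Checks BIOS information in registry")
    if api == "NtSetInformationThread" and len(args) >= 2:
        try:
            info_class = int(args[1], 0)   # accepts "0x11" or "17"
        except ValueError:
            info_class = -1
        if info_class == THREAD_HIDE_FROM_DEBUGGER:
            hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
    return hits


def scan(lines):
    """Map each triggered signature name to the set of PIDs that triggered it."""
    report = {}
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        for sig in classify(event):
            report.setdefault(sig, set()).add(event["pid"])
    return report


# Constructed trace: PID 1234 behaves like the report's sample, PID 4321 is benign noise.
SAMPLE_TRACE = """\
1234 RegOpenKeyExW("HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__", KEY_READ)
1234 RegQueryValueExW("HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS", "SystemManufacturer")
1234 RegQueryValueExW("HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion", "")
1234 NtSetInformationThread(0xFFFFFFFE, 0x11, NULL, 0)
4321 RegOpenKeyExW("HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", KEY_READ)
4321 NtSetInformationThread(0xFFFFFFFE, 0x2, 0x000000A0, 4)
this line is not a trace record
""".splitlines()

if __name__ == "__main__":
    for sig, pids in sorted(scan(SAMPLE_TRACE).items()):
        print(f"{sig}: pids {sorted(pids)}")
```

Only the ThreadHideFromDebugger rule is specific enough to be a strong signal on its own; reads of the BIOS keys are also made by legitimate software (hardware inventory, installers), which is why the report words that signature as a check rather than as anti-VM, and a hunt query built on it should be paired with the other two.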