Overview

overview

10

Static

static

7

e59c90fc11...41.exe

windows7_x64

10

e59c90fc11...41.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e59c90fc11fa8ca471c3d705fbbffd53739ca30c15d51fc917b2425862f5b841

  • Size

    2.8MB

  • Sample

    220215-fw8mvsbbd4

  • MD5

    c90d43dd1011de8a6ecf8197e2e3101b

  • SHA1

    b009f890a894f2cb44a559f0eb20d44aa58263fe

  • SHA256

    e59c90fc11fa8ca471c3d705fbbffd53739ca30c15d51fc917b2425862f5b841

  • SHA512

    18b73524635063891d840935ea36ef026b17dd5f2b751da761edc27e421687692f0530ab92769a6fac319ede4d15c62b3585f2b1828062b0b4bbeb31880131fb

Score
10/10
redlineevasioninfostealerthemidatrojan

Malware Config

Targets

    • Target

      e59c90fc11fa8ca471c3d705fbbffd53739ca30c15d51fc917b2425862f5b841

    • Size

      2.8MB

    • MD5

      c90d43dd1011de8a6ecf8197e2e3101b

    • SHA1

      b009f890a894f2cb44a559f0eb20d44aa58263fe

    • SHA256

      e59c90fc11fa8ca471c3d705fbbffd53739ca30c15d51fc917b2425862f5b841

    • SHA512

      18b73524635063891d840935ea36ef026b17dd5f2b751da761edc27e421687692f0530ab92769a6fac319ede4d15c62b3585f2b1828062b0b4bbeb31880131fb

    Score
    10/10
    redlineevasioninfostealerthemidatrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks