General
-
Target
e3c39d392a9f3beb21dbf5f1ddcbebe8feb4821329ac51e4dbe9806852ff92a8
-
Size
2.4MB
-
Sample
220215-fzg93sbbf7
-
MD5
8b412d4f52aace155bc4c50256d1378e
-
SHA1
7f411dedb607b4e16651e70c4c656e1e0e1d490e
-
SHA256
e3c39d392a9f3beb21dbf5f1ddcbebe8feb4821329ac51e4dbe9806852ff92a8
-
SHA512
5316057996b2150f25775c7020b5dd19623354113cc56119673695142df90bf31a8ae77a7e66ef7671e8c8563db440627752f19045d6a47ae1c82a65ed132638
Static task
static1
Behavioral task
behavioral1
Sample
e3c39d392a9f3beb21dbf5f1ddcbebe8feb4821329ac51e4dbe9806852ff92a8.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
e3c39d392a9f3beb21dbf5f1ddcbebe8feb4821329ac51e4dbe9806852ff92a8.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
e3c39d392a9f3beb21dbf5f1ddcbebe8feb4821329ac51e4dbe9806852ff92a8
-
Size
2.4MB
-
MD5
8b412d4f52aace155bc4c50256d1378e
-
SHA1
7f411dedb607b4e16651e70c4c656e1e0e1d490e
-
SHA256
e3c39d392a9f3beb21dbf5f1ddcbebe8feb4821329ac51e4dbe9806852ff92a8
-
SHA512
5316057996b2150f25775c7020b5dd19623354113cc56119673695142df90bf31a8ae77a7e66ef7671e8c8563db440627752f19045d6a47ae1c82a65ed132638
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-