General
-
Target
c34b5f769bccb3858f0783c7922126aaf856d27bad2142f374667b59aacd3c05
-
Size
2.8MB
-
Sample
220215-g5dphsbfh8
-
MD5
c085b83000843d22b8cd05bbc7b159c6
-
SHA1
afe10482ad5182c87cf69524f8ef4cb2b95a2fef
-
SHA256
c34b5f769bccb3858f0783c7922126aaf856d27bad2142f374667b59aacd3c05
-
SHA512
7bd5e675f6ae902e5391f38fe1739dc6e838bfa4fa8832dedf3de1432203780c0e1395d72bfd5bdc47e219e7f75a02c771b4ba003711ca2d0b03e3ee11f010d5
Malware Config
Targets
-
-
Target
c34b5f769bccb3858f0783c7922126aaf856d27bad2142f374667b59aacd3c05
-
Size
2.8MB
-
MD5
c085b83000843d22b8cd05bbc7b159c6
-
SHA1
afe10482ad5182c87cf69524f8ef4cb2b95a2fef
-
SHA256
c34b5f769bccb3858f0783c7922126aaf856d27bad2142f374667b59aacd3c05
-
SHA512
7bd5e675f6ae902e5391f38fe1739dc6e838bfa4fa8832dedf3de1432203780c0e1395d72bfd5bdc47e219e7f75a02c771b4ba003711ca2d0b03e3ee11f010d5
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-