Overview

overview

10

Static

static

7

d91ee8f798...ea.exe

windows7_x64

10

d91ee8f798...ea.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d91ee8f798d077711c1b2792c22b0f5fae5fa4df6c6abc3268348c43c4c31dea

  • Size

    2.5MB

  • Sample

    220215-gbz1nabda5

  • MD5

    539e3b74e463df70e3941ac26990591a

  • SHA1

    d7fd4fe21e1d0f095139649582601921017272f7

  • SHA256

    d91ee8f798d077711c1b2792c22b0f5fae5fa4df6c6abc3268348c43c4c31dea

  • SHA512

    149d8f55a7e6afdc377e1dd6dd3f36bb7ba1fe55411cd8996445599fa871321343b7536f3f30d5a55445e4a564dc8d1fe5f5b338edbf1e8b33452d7431562399

Score
10/10
redlineevasioninfostealerthemidatrojan

Malware Config

Targets

    • Target

      d91ee8f798d077711c1b2792c22b0f5fae5fa4df6c6abc3268348c43c4c31dea

    • Size

      2.5MB

    • MD5

      539e3b74e463df70e3941ac26990591a

    • SHA1

      d7fd4fe21e1d0f095139649582601921017272f7

    • SHA256

      d91ee8f798d077711c1b2792c22b0f5fae5fa4df6c6abc3268348c43c4c31dea

    • SHA512

      149d8f55a7e6afdc377e1dd6dd3f36bb7ba1fe55411cd8996445599fa871321343b7536f3f30d5a55445e4a564dc8d1fe5f5b338edbf1e8b33452d7431562399

    Score
    10/10
    redlineevasioninfostealerthemidatrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks