General
Target: d8df6ea842d843537e4e258b00441184ab937afa7ab8bc19fae5960821629069
Size: 3.6MB
Sample: 220215-gcar6acgdm
MD5: e45121171ab4c1e206b98b136b65d42e
SHA1: e560c2ce841a4af3aee1d32dbd906bcc044657bf
SHA256: d8df6ea842d843537e4e258b00441184ab937afa7ab8bc19fae5960821629069
SHA512: c2adecc87845a6a0a8eeda057c7ec6919075c08085723f775763e2eabbbd215549888167ccc8c366950aa0c04ac1ce849391177c6b775a1f8e6f4f73c891d1f6
Static task: static1
Behavioral task: behavioral1
  Sample: d8df6ea842d843537e4e258b00441184ab937afa7ab8bc19fae5960821629069.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: d8df6ea842d843537e4e258b00441184ab937afa7ab8bc19fae5960821629069.exe
  Resource: win10v2004-en-20220113
Malware Config
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger