General
-
Target
d4ac1cc4b72a680d76ed4adf7a02d68ec816a503bbe0a6c38c725ed3b9378655
-
Size
2.5MB
-
Sample
220215-ghblmsbdf7
-
MD5
68d8ffa7d432ec9493ccba43a2786de9
-
SHA1
763507d222a3b0fab79914e266a6e69b6a1451b4
-
SHA256
d4ac1cc4b72a680d76ed4adf7a02d68ec816a503bbe0a6c38c725ed3b9378655
-
SHA512
92b7ea961da5f1256ddf4f9df17810e492670e5383bca363a29dd676ac6dcee4b45bf471ef239ebd35cf572d69464d3ca3955b1b0afdaf9b6b2ecf3a2a8c6ca1
Static task
static1
Behavioral task
behavioral1
Sample
d4ac1cc4b72a680d76ed4adf7a02d68ec816a503bbe0a6c38c725ed3b9378655.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
d4ac1cc4b72a680d76ed4adf7a02d68ec816a503bbe0a6c38c725ed3b9378655.exe
Resource
win10v2004-en-20220112
Malware Config
Targets
-
-
Target
d4ac1cc4b72a680d76ed4adf7a02d68ec816a503bbe0a6c38c725ed3b9378655
-
Size
2.5MB
-
MD5
68d8ffa7d432ec9493ccba43a2786de9
-
SHA1
763507d222a3b0fab79914e266a6e69b6a1451b4
-
SHA256
d4ac1cc4b72a680d76ed4adf7a02d68ec816a503bbe0a6c38c725ed3b9378655
-
SHA512
92b7ea961da5f1256ddf4f9df17810e492670e5383bca363a29dd676ac6dcee4b45bf471ef239ebd35cf572d69464d3ca3955b1b0afdaf9b6b2ecf3a2a8c6ca1
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-