Overview

overview

10

Static

static

7

c9d1d5cc2f...f4.exe

windows7_x64

10

c9d1d5cc2f...f4.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c9d1d5cc2feec3573545dceb82e4147ea0d88459caf07d5df8aff2cf76d5e1f4

  • Size

    2.7MB

  • Sample

    220215-gwqbysdacp

  • MD5

    9432fb0ec80d3678fc29e8ee0081990b

  • SHA1

    2062dbd21ec6245f4ed0e804119848aa60ae9b15

  • SHA256

    c9d1d5cc2feec3573545dceb82e4147ea0d88459caf07d5df8aff2cf76d5e1f4

  • SHA512

    9df0c7af361aa7e476a8f9a46619d3f1ee02214aeb11062621b135ae3d6960192811f64c08023fe22391f5d6e16d0f3b1b40d2ace7041237e41bfaaf2c81d2ff

Score
10/10
redlineevasioninfostealerthemidatrojan

Malware Config

Targets

    • Target

      c9d1d5cc2feec3573545dceb82e4147ea0d88459caf07d5df8aff2cf76d5e1f4

    • Size

      2.7MB

    • MD5

      9432fb0ec80d3678fc29e8ee0081990b

    • SHA1

      2062dbd21ec6245f4ed0e804119848aa60ae9b15

    • SHA256

      c9d1d5cc2feec3573545dceb82e4147ea0d88459caf07d5df8aff2cf76d5e1f4

    • SHA512

      9df0c7af361aa7e476a8f9a46619d3f1ee02214aeb11062621b135ae3d6960192811f64c08023fe22391f5d6e16d0f3b1b40d2ace7041237e41bfaaf2c81d2ff

    Score
    10/10
    redlineevasioninfostealerthemidatrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks