General
- Target: bcd53bd269a4c75c27a307afe1157ad0d6053caf8d5037fdcde555a048faa882
- Size: 2.5MB
- Sample: 220215-hc612abgg7
- MD5: b2d0ca04293b751f0be96f9de2d7cd05
- SHA1: 67744c1637d2d7c483ac77b5a1a0df100f991d98
- SHA256: bcd53bd269a4c75c27a307afe1157ad0d6053caf8d5037fdcde555a048faa882
- SHA512: 9521290de5fc1d79d199c70bae431361e1af090db8d75e56f5d15552af8f88a5173f30d1d8eb38e01ed2117b804207e34c4f4a8fcafc79f7ebf899b64ce3f18d
Static task: static1
Behavioral task: behavioral1
- Sample: bcd53bd269a4c75c27a307afe1157ad0d6053caf8d5037fdcde555a048faa882.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: bcd53bd269a4c75c27a307afe1157ad0d6053caf8d5037fdcde555a048faa882.exe
- Resource: win10v2004-en-20220113
Malware Config
Targets
- Target: bcd53bd269a4c75c27a307afe1157ad0d6053caf8d5037fdcde555a048faa882
- Score: 10/10
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger