Overview

overview

10

Static

static

7

bcd53bd269...82.exe

windows7_x64

10

bcd53bd269...82.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bcd53bd269a4c75c27a307afe1157ad0d6053caf8d5037fdcde555a048faa882

  • Size

    2.5MB

  • Sample

    220215-hc612abgg7

  • MD5

    b2d0ca04293b751f0be96f9de2d7cd05

  • SHA1

    67744c1637d2d7c483ac77b5a1a0df100f991d98

  • SHA256

    bcd53bd269a4c75c27a307afe1157ad0d6053caf8d5037fdcde555a048faa882

  • SHA512

    9521290de5fc1d79d199c70bae431361e1af090db8d75e56f5d15552af8f88a5173f30d1d8eb38e01ed2117b804207e34c4f4a8fcafc79f7ebf899b64ce3f18d

Score
10/10
redlineevasioninfostealerthemidatrojan

Malware Config

Targets

    • Target

      bcd53bd269a4c75c27a307afe1157ad0d6053caf8d5037fdcde555a048faa882

    • Size

      2.5MB

    • MD5

      b2d0ca04293b751f0be96f9de2d7cd05

    • SHA1

      67744c1637d2d7c483ac77b5a1a0df100f991d98

    • SHA256

      bcd53bd269a4c75c27a307afe1157ad0d6053caf8d5037fdcde555a048faa882

    • SHA512

      9521290de5fc1d79d199c70bae431361e1af090db8d75e56f5d15552af8f88a5173f30d1d8eb38e01ed2117b804207e34c4f4a8fcafc79f7ebf899b64ce3f18d

    Score
    10/10
    redlineevasioninfostealerthemidatrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks