General
-
Target
b704a93a48716895f924221cc63e3bec2f9681b92cfe4b9176f1cf98ce77ce74
-
Size
2.8MB
-
Sample
220215-hk3zcaddak
-
MD5
934a2ff0a3b70b560122a52f67eb50bf
-
SHA1
15747565aea9329806fe74ffe1b9f70685edea9b
-
SHA256
b704a93a48716895f924221cc63e3bec2f9681b92cfe4b9176f1cf98ce77ce74
-
SHA512
0abb3bcfe8962d7bec40fe507908909ffe57e6b49bf0e6a098cc4574ba2b979f8894c8016ef276ce250aaf723f1c4a910e44fe9b4868af66b3cadd2a989b3428
Malware Config
Targets
-
-
Target
b704a93a48716895f924221cc63e3bec2f9681b92cfe4b9176f1cf98ce77ce74
-
Size
2.8MB
-
MD5
934a2ff0a3b70b560122a52f67eb50bf
-
SHA1
15747565aea9329806fe74ffe1b9f70685edea9b
-
SHA256
b704a93a48716895f924221cc63e3bec2f9681b92cfe4b9176f1cf98ce77ce74
-
SHA512
0abb3bcfe8962d7bec40fe507908909ffe57e6b49bf0e6a098cc4574ba2b979f8894c8016ef276ce250aaf723f1c4a910e44fe9b4868af66b3cadd2a989b3428
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-