General
-
Target
b2b5189bae68be2ce6132e8a07ac35967f33d5a51116d77c436a30a90d62760a
-
Size
3.0MB
-
Sample
220215-hrqycscac4
-
MD5
0288650ee8dd30463a93d199a1e1cc93
-
SHA1
5f10dbdb3171fb4e731705110802ad3275226745
-
SHA256
b2b5189bae68be2ce6132e8a07ac35967f33d5a51116d77c436a30a90d62760a
-
SHA512
9a83555bd8f7578b7503e8f175107548e8cdc6e72c014aa547253ac71b922b2cd49d8199a3875ce2b620dd9432b5f44fcaf0e3b96c35251be41ade6f5b032388
Static task
static1
Behavioral task
behavioral1
Sample
b2b5189bae68be2ce6132e8a07ac35967f33d5a51116d77c436a30a90d62760a.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
b2b5189bae68be2ce6132e8a07ac35967f33d5a51116d77c436a30a90d62760a.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
b2b5189bae68be2ce6132e8a07ac35967f33d5a51116d77c436a30a90d62760a
-
Size
3.0MB
-
MD5
0288650ee8dd30463a93d199a1e1cc93
-
SHA1
5f10dbdb3171fb4e731705110802ad3275226745
-
SHA256
b2b5189bae68be2ce6132e8a07ac35967f33d5a51116d77c436a30a90d62760a
-
SHA512
9a83555bd8f7578b7503e8f175107548e8cdc6e72c014aa547253ac71b922b2cd49d8199a3875ce2b620dd9432b5f44fcaf0e3b96c35251be41ade6f5b032388
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-