General
-
Target
ac6f90ff2e5bddd26a0e1abdf9d35b5533d0d09727a0fd1c28da4bfec2bda950
-
Size
6.4MB
-
Sample
220215-hz6zjsdecn
-
MD5
1008944bf8de596e9d032ab66a46caa7
-
SHA1
cc411e0c3b2a7ef3e02618bdab39d9a023f0569d
-
SHA256
ac6f90ff2e5bddd26a0e1abdf9d35b5533d0d09727a0fd1c28da4bfec2bda950
-
SHA512
67e9d1d78fa1a32b53f59c3a21846cb125b5f9d79acd56eb8357cd04aec754418a430b11287f106177439c49e9df08e72d5fab2e2ff1b7927cf2c48934ca393d
Malware Config
Targets
-
-
Target
ac6f90ff2e5bddd26a0e1abdf9d35b5533d0d09727a0fd1c28da4bfec2bda950
-
Size
6.4MB
-
MD5
1008944bf8de596e9d032ab66a46caa7
-
SHA1
cc411e0c3b2a7ef3e02618bdab39d9a023f0569d
-
SHA256
ac6f90ff2e5bddd26a0e1abdf9d35b5533d0d09727a0fd1c28da4bfec2bda950
-
SHA512
67e9d1d78fa1a32b53f59c3a21846cb125b5f9d79acd56eb8357cd04aec754418a430b11287f106177439c49e9df08e72d5fab2e2ff1b7927cf2c48934ca393d
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-