General
-
Target
79cb45eee469bf59ece663bd48afe66546a0b55a7fe30c6eb643ec17759a3c72
-
Size
3.0MB
-
Sample
220215-n92epsfheq
-
MD5
f221b506ae3f47e86adb4bfefd5cc2eb
-
SHA1
e21b1c7525c8f335092613b07fddfff58b72a31a
-
SHA256
79cb45eee469bf59ece663bd48afe66546a0b55a7fe30c6eb643ec17759a3c72
-
SHA512
821d0101e388ee750a81aa76685317eb02431b9488e08287a511135503e4239a08ee5fc1e9d227de73f72ac3a26a0d969a6984ee3a5c9789e30f50bfdbd78568
Malware Config
Targets
-
-
Target
79cb45eee469bf59ece663bd48afe66546a0b55a7fe30c6eb643ec17759a3c72
-
Size
3.0MB
-
MD5
f221b506ae3f47e86adb4bfefd5cc2eb
-
SHA1
e21b1c7525c8f335092613b07fddfff58b72a31a
-
SHA256
79cb45eee469bf59ece663bd48afe66546a0b55a7fe30c6eb643ec17759a3c72
-
SHA512
821d0101e388ee750a81aa76685317eb02431b9488e08287a511135503e4239a08ee5fc1e9d227de73f72ac3a26a0d969a6984ee3a5c9789e30f50bfdbd78568
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-