General
-
Target
6330eaf784d78dec8f58ab6da67dd186a0ba8c99f6f242acf09b1bfdd117d09c
-
Size
2.4MB
-
Sample
220215-p3zszafac6
-
MD5
76a202356aaed0df4a5952f37fc0b30f
-
SHA1
db21ac9d452feda9cf4d772302306ac509f73ac2
-
SHA256
6330eaf784d78dec8f58ab6da67dd186a0ba8c99f6f242acf09b1bfdd117d09c
-
SHA512
d1a75885770dc753e7109facf546a9a56449ebb5172f5e3d5f8d074052a1e3be32dde46311c9b1e6c994f65f511c89f9021d38c565c2263414f3afc83870cffe
Malware Config
Targets
-
-
Target
6330eaf784d78dec8f58ab6da67dd186a0ba8c99f6f242acf09b1bfdd117d09c
-
Size
2.4MB
-
MD5
76a202356aaed0df4a5952f37fc0b30f
-
SHA1
db21ac9d452feda9cf4d772302306ac509f73ac2
-
SHA256
6330eaf784d78dec8f58ab6da67dd186a0ba8c99f6f242acf09b1bfdd117d09c
-
SHA512
d1a75885770dc753e7109facf546a9a56449ebb5172f5e3d5f8d074052a1e3be32dde46311c9b1e6c994f65f511c89f9021d38c565c2263414f3afc83870cffe
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-