General
-
Target
64d9453cc58f0211a35aa30f28225cfe779dd4209c8c90582b4d8ceddd1f57c2
-
Size
3.2MB
-
Sample
220215-pz7z6sgcel
-
MD5
4877d2d42be2eab60dd7a58837013814
-
SHA1
d92ec9263fb05042b87bb342d0f50374238c1e60
-
SHA256
64d9453cc58f0211a35aa30f28225cfe779dd4209c8c90582b4d8ceddd1f57c2
-
SHA512
d84a2438782d378d552cf5fe64264805aa4a1c7cedf1da5633ed08273bd198f23ac23fb010bbbe6105f72b5ce6f08b030076de8b4485a62374a80141647f35be
Malware Config
Targets
-
-
Target
64d9453cc58f0211a35aa30f28225cfe779dd4209c8c90582b4d8ceddd1f57c2
-
Size
3.2MB
-
MD5
4877d2d42be2eab60dd7a58837013814
-
SHA1
d92ec9263fb05042b87bb342d0f50374238c1e60
-
SHA256
64d9453cc58f0211a35aa30f28225cfe779dd4209c8c90582b4d8ceddd1f57c2
-
SHA512
d84a2438782d378d552cf5fe64264805aa4a1c7cedf1da5633ed08273bd198f23ac23fb010bbbe6105f72b5ce6f08b030076de8b4485a62374a80141647f35be
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-