General
-
Target
45d009a711f86898927fb52faa5a7ab5a20955c9fc0c44cfc9df2187b8d6dd22
-
Size
3.2MB
-
Sample
220215-q5q5aafed2
-
MD5
8ce6f635950c9bc691d7b17bc9fb33af
-
SHA1
d69e755e1914a4d02642c9ba1cd2eb9447580689
-
SHA256
45d009a711f86898927fb52faa5a7ab5a20955c9fc0c44cfc9df2187b8d6dd22
-
SHA512
bd1dbd4b2e63c061060a13fe37500d3ba7e441f0fa16b40c0bc291ed7c8416b6730c12b9f8d0fb56e0200729db9b6fdc1548143208d12aab0935470aaf2833be
Static task
static1
Behavioral task
behavioral1
Sample
45d009a711f86898927fb52faa5a7ab5a20955c9fc0c44cfc9df2187b8d6dd22.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
45d009a711f86898927fb52faa5a7ab5a20955c9fc0c44cfc9df2187b8d6dd22.exe
Resource
win10v2004-en-20220112
Malware Config
Targets
-
-
Target
45d009a711f86898927fb52faa5a7ab5a20955c9fc0c44cfc9df2187b8d6dd22
-
Size
3.2MB
-
MD5
8ce6f635950c9bc691d7b17bc9fb33af
-
SHA1
d69e755e1914a4d02642c9ba1cd2eb9447580689
-
SHA256
45d009a711f86898927fb52faa5a7ab5a20955c9fc0c44cfc9df2187b8d6dd22
-
SHA512
bd1dbd4b2e63c061060a13fe37500d3ba7e441f0fa16b40c0bc291ed7c8416b6730c12b9f8d0fb56e0200729db9b6fdc1548143208d12aab0935470aaf2833be
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-