General
-
Target
5403cf7c3553e260e110b2061b00cda6ed1c2fbf39485da32a6f0df48ba90bdc
-
Size
3.2MB
-
Sample
220215-qmhp7afcd2
-
MD5
0af901afbf8accf27346044644c69083
-
SHA1
12d743eef35e8d1eb2abc79cf48906a5860c973a
-
SHA256
5403cf7c3553e260e110b2061b00cda6ed1c2fbf39485da32a6f0df48ba90bdc
-
SHA512
88b56edfff5a2538c64f3598687c640c72ae49e7608522ab8f1aca4a3bbbb65e66966c5c7b9f17c8a6b0a28ac473f852a3ae5bab1b64a0c0fa424d4b35150a81
Static task
static1
Behavioral task
behavioral1
Sample
5403cf7c3553e260e110b2061b00cda6ed1c2fbf39485da32a6f0df48ba90bdc.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
5403cf7c3553e260e110b2061b00cda6ed1c2fbf39485da32a6f0df48ba90bdc.exe
Resource
win10v2004-en-20220112
Malware Config
Targets
-
-
Target
5403cf7c3553e260e110b2061b00cda6ed1c2fbf39485da32a6f0df48ba90bdc
-
Size
3.2MB
-
MD5
0af901afbf8accf27346044644c69083
-
SHA1
12d743eef35e8d1eb2abc79cf48906a5860c973a
-
SHA256
5403cf7c3553e260e110b2061b00cda6ed1c2fbf39485da32a6f0df48ba90bdc
-
SHA512
88b56edfff5a2538c64f3598687c640c72ae49e7608522ab8f1aca4a3bbbb65e66966c5c7b9f17c8a6b0a28ac473f852a3ae5bab1b64a0c0fa424d4b35150a81
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-