General
-
Target
5220eb2b8f2566161339033ee399b1d8b4bb80acd1dd747f5347e9c9a15bf342
-
Size
2.6MB
-
Sample
220215-qn2jpagfcm
-
MD5
543f234b86050880870b84b1c0c70562
-
SHA1
4c9584be43ea63835be7651bb93f6d2f2b2f147b
-
SHA256
5220eb2b8f2566161339033ee399b1d8b4bb80acd1dd747f5347e9c9a15bf342
-
SHA512
cdd601e6bde5578f8b0a3d28e3b623c010a4425c85ab22c3eec3477fd1fee67b440f14fd4112e4d28ececc22780277c6726e15a193d58a0c4522b3a7864d90a6
Static task
static1
Behavioral task
behavioral1
Sample
5220eb2b8f2566161339033ee399b1d8b4bb80acd1dd747f5347e9c9a15bf342.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
5220eb2b8f2566161339033ee399b1d8b4bb80acd1dd747f5347e9c9a15bf342.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
5220eb2b8f2566161339033ee399b1d8b4bb80acd1dd747f5347e9c9a15bf342
-
Size
2.6MB
-
MD5
543f234b86050880870b84b1c0c70562
-
SHA1
4c9584be43ea63835be7651bb93f6d2f2b2f147b
-
SHA256
5220eb2b8f2566161339033ee399b1d8b4bb80acd1dd747f5347e9c9a15bf342
-
SHA512
cdd601e6bde5578f8b0a3d28e3b623c010a4425c85ab22c3eec3477fd1fee67b440f14fd4112e4d28ececc22780277c6726e15a193d58a0c4522b3a7864d90a6
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-