General
-
Target
4b7b9c0cd9f72c551d60e29f34b2f9d98274866c2118d228b7919e2aad71c714
-
Size
3.1MB
-
Sample
220215-qxq5baggcp
-
MD5
45df874c8aa701dfc44c8a34b6737dcb
-
SHA1
b70957a4998ed699e3417f49478c6f185b2dc5b7
-
SHA256
4b7b9c0cd9f72c551d60e29f34b2f9d98274866c2118d228b7919e2aad71c714
-
SHA512
469e4c4a943895c1484be13f258db9599af9c4703f9310bcb5f96eeff054460b11fca0f296d8910e93c2fb5839ee10903fa6a76a887893767de4d6328cfd9efb
Static task
static1
Behavioral task
behavioral1
Sample
4b7b9c0cd9f72c551d60e29f34b2f9d98274866c2118d228b7919e2aad71c714.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
4b7b9c0cd9f72c551d60e29f34b2f9d98274866c2118d228b7919e2aad71c714.exe
Resource
win10v2004-en-20220112
Malware Config
Targets
-
-
Target
4b7b9c0cd9f72c551d60e29f34b2f9d98274866c2118d228b7919e2aad71c714
-
Size
3.1MB
-
MD5
45df874c8aa701dfc44c8a34b6737dcb
-
SHA1
b70957a4998ed699e3417f49478c6f185b2dc5b7
-
SHA256
4b7b9c0cd9f72c551d60e29f34b2f9d98274866c2118d228b7919e2aad71c714
-
SHA512
469e4c4a943895c1484be13f258db9599af9c4703f9310bcb5f96eeff054460b11fca0f296d8910e93c2fb5839ee10903fa6a76a887893767de4d6328cfd9efb
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-