redline | 26a470850db7daa36b8194cc87a6b4814ad548fbfe71a687c20eba0c458339dd | Triage

Submit
Reports

Overview

overview

Static

static

7

26a470850d...dd.exe

windows7_x64

26a470850d...dd.exe

windows10-2004_x64

Sharing

General

Target

26a470850db7daa36b8194cc87a6b4814ad548fbfe71a687c20eba0c458339dd
Size

2.9MB
Sample

220215-r8jp2shdbq
MD5

afcbc5f069308a891dd7210cba20cb5c
SHA1

c4bc9cd61e0d40e8d87a357649b9e9fdb6a55d3e
SHA256

26a470850db7daa36b8194cc87a6b4814ad548fbfe71a687c20eba0c458339dd
SHA512

0132a375856956a28f6d411552dd84b0af09608877181d6d3ee972ac8ce1306cba9764520da94ad76188cc0b108562c3756a415ca38e3eafd1b37ccd03999f40

Score

10^/10

redline evasion infostealer themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

26a470850db7daa36b8194cc87a6b4814ad548fbfe71a687c20eba0c458339dd.exe

Resource

win7-en-20211208

redline evasion infostealer themida trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

26a470850db7daa36b8194cc87a6b4814ad548fbfe71a687c20eba0c458339dd.exe

Resource

win10v2004-en-20220112

redline evasion infostealer themida trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  26a470850db7daa36b8194cc87a6b4814ad548fbfe71a687c20eba0c458339dd
- Size
  
  2.9MB
- MD5
  
  afcbc5f069308a891dd7210cba20cb5c
- SHA1
  
  c4bc9cd61e0d40e8d87a357649b9e9fdb6a55d3e
- SHA256
  
  26a470850db7daa36b8194cc87a6b4814ad548fbfe71a687c20eba0c458339dd
- SHA512
  
  0132a375856956a28f6d411552dd84b0af09608877181d6d3ee972ac8ce1306cba9764520da94ad76188cc0b108562c3756a415ca38e3eafd1b37ccd03999f40
Score

10^/10

redline evasion infostealer themida trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineevasioninfostealerthemidatrojan

behavioral2

redlineevasioninfostealerthemidatrojan

© 2018-2024

Terms | Privacy