General
-
Target
2699731ede4aa7a546902b1804e51da941465c6b6888978de006e6cec450e173
-
Size
3.3MB
-
Sample
220215-r8l56sgbb6
-
MD5
a3a3d3ee2e111da1891ae6f8537edc00
-
SHA1
1b68ff4c89f3b68b811dae4888e9b9c130235767
-
SHA256
2699731ede4aa7a546902b1804e51da941465c6b6888978de006e6cec450e173
-
SHA512
871f9881615799c1c84c468c17c816623f3216e04466a77f83926ddb0d56dc5fbec5720f2abcf6985230338eb3f905dcad44f0e72992d4ea9309a4b33b8a09dc
Static task
static1
Behavioral task
behavioral1
Sample
2699731ede4aa7a546902b1804e51da941465c6b6888978de006e6cec450e173.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
2699731ede4aa7a546902b1804e51da941465c6b6888978de006e6cec450e173.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
2699731ede4aa7a546902b1804e51da941465c6b6888978de006e6cec450e173
-
Size
3.3MB
-
MD5
a3a3d3ee2e111da1891ae6f8537edc00
-
SHA1
1b68ff4c89f3b68b811dae4888e9b9c130235767
-
SHA256
2699731ede4aa7a546902b1804e51da941465c6b6888978de006e6cec450e173
-
SHA512
871f9881615799c1c84c468c17c816623f3216e04466a77f83926ddb0d56dc5fbec5720f2abcf6985230338eb3f905dcad44f0e72992d4ea9309a4b33b8a09dc
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-