General
-
Target
25e5c1bba7e90a8fb32feef0f46b80eef859b4224dad980143dbfa8f1bd19764
-
Size
2.8MB
-
Sample
220215-r9m4vsgbc8
-
MD5
515c703403c6040c977ecf16ead9a919
-
SHA1
a9d52981f413333b2b26f51cfa9b94fb1a329469
-
SHA256
25e5c1bba7e90a8fb32feef0f46b80eef859b4224dad980143dbfa8f1bd19764
-
SHA512
88ef15f475036e3eebcf7f69375b01bcec5d0dbadddc0715200fbed1e442a73bf7fb635b83598a5d1dabe14f274da8802988e067d6eb921a4e6d6fefc4ab5c59
Static task
static1
Behavioral task
behavioral1
Sample
25e5c1bba7e90a8fb32feef0f46b80eef859b4224dad980143dbfa8f1bd19764.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
25e5c1bba7e90a8fb32feef0f46b80eef859b4224dad980143dbfa8f1bd19764.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
25e5c1bba7e90a8fb32feef0f46b80eef859b4224dad980143dbfa8f1bd19764
-
Size
2.8MB
-
MD5
515c703403c6040c977ecf16ead9a919
-
SHA1
a9d52981f413333b2b26f51cfa9b94fb1a329469
-
SHA256
25e5c1bba7e90a8fb32feef0f46b80eef859b4224dad980143dbfa8f1bd19764
-
SHA512
88ef15f475036e3eebcf7f69375b01bcec5d0dbadddc0715200fbed1e442a73bf7fb635b83598a5d1dabe14f274da8802988e067d6eb921a4e6d6fefc4ab5c59
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-