General
Target: 40b8be16a470f1c1b02d15c52225e92125db6a783c564ed5143cf7cc1d077bcb
Size: 3.0MB
Sample: 220215-rbqgbsghfp
MD5: e7289ec89b9926f19ed381f3d43b548a
SHA1: 7ef45f8d8dab80c9c11a7ac5336f7c7d86bca7aa
SHA256: 40b8be16a470f1c1b02d15c52225e92125db6a783c564ed5143cf7cc1d077bcb
SHA512: 00d02dff0a728faa8a66d984132bc22eb0ad6242f7e834e536c4818229cdab34f3f2a1131480d9ce7b8d9ec5d1f01d430d2b2d2f9a2acd89b6663f051744a766
Static task: static1
Behavioral task: behavioral1
Sample: 40b8be16a470f1c1b02d15c52225e92125db6a783c564ed5143cf7cc1d077bcb.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 40b8be16a470f1c1b02d15c52225e92125db6a783c564ed5143cf7cc1d077bcb.exe
Resource: win10v2004-en-20220112
Malware Config
Targets
Score: 10/10
- RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger