General
-
Target
3ced46696cad85f4403546f5d7f9914acaa09146f664dd674daca034fea7f18f
-
Size
2.7MB
-
Sample
220215-rfmagahabj
-
MD5
c16aea130225c0a7e36c301404efabc1
-
SHA1
968d270c41f163a791ad27770fd87d8d16571620
-
SHA256
3ced46696cad85f4403546f5d7f9914acaa09146f664dd674daca034fea7f18f
-
SHA512
ea6a3115b3d2f583985eddcc25edfc5b31ebe0d8aaea8db9b32860d70828585839ee955dc909ae6524f888d93c10cf682b0d34775a712b5300eaa262e8a3d252
Static task
static1
Behavioral task
behavioral1
Sample
3ced46696cad85f4403546f5d7f9914acaa09146f664dd674daca034fea7f18f.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
3ced46696cad85f4403546f5d7f9914acaa09146f664dd674daca034fea7f18f.exe
Resource
win10v2004-en-20220112
Malware Config
Targets
-
-
Target
3ced46696cad85f4403546f5d7f9914acaa09146f664dd674daca034fea7f18f
-
Size
2.7MB
-
MD5
c16aea130225c0a7e36c301404efabc1
-
SHA1
968d270c41f163a791ad27770fd87d8d16571620
-
SHA256
3ced46696cad85f4403546f5d7f9914acaa09146f664dd674daca034fea7f18f
-
SHA512
ea6a3115b3d2f583985eddcc25edfc5b31ebe0d8aaea8db9b32860d70828585839ee955dc909ae6524f888d93c10cf682b0d34775a712b5300eaa262e8a3d252
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-