General
-
Target
3ca5f2de332bcefd154a924a14ef268bb506e1bebfc8863e630d370de41e4aa9
-
Size
3.1MB
-
Sample
220215-rfxq7sffg5
-
MD5
bca63fa3eb3add2128ead0e0c099fd8c
-
SHA1
105c8dd05963070a67e764975baba58789b7ef3a
-
SHA256
3ca5f2de332bcefd154a924a14ef268bb506e1bebfc8863e630d370de41e4aa9
-
SHA512
f9cf959092eae67f7c1ac7c7520e9644a371ef5f8acf7c6e2955e684c1aedc6c843c03207a167607dee7cd898dd168431966079c4220abb2c89db15e7f82de64
Static task
static1
Behavioral task
behavioral1
Sample
3ca5f2de332bcefd154a924a14ef268bb506e1bebfc8863e630d370de41e4aa9.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
3ca5f2de332bcefd154a924a14ef268bb506e1bebfc8863e630d370de41e4aa9.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
3ca5f2de332bcefd154a924a14ef268bb506e1bebfc8863e630d370de41e4aa9
-
Size
3.1MB
-
MD5
bca63fa3eb3add2128ead0e0c099fd8c
-
SHA1
105c8dd05963070a67e764975baba58789b7ef3a
-
SHA256
3ca5f2de332bcefd154a924a14ef268bb506e1bebfc8863e630d370de41e4aa9
-
SHA512
f9cf959092eae67f7c1ac7c7520e9644a371ef5f8acf7c6e2955e684c1aedc6c843c03207a167607dee7cd898dd168431966079c4220abb2c89db15e7f82de64
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-