General
- Target: 32e00ac923efd525db2bb8a2f820350c114e25a8960403a004a134aeab08c1bf
- Size: 2.8MB
- Sample: 220215-rs6vmshbdn
- MD5: 7c21d6493161c1669455021f93e99969
- SHA1: 992556a5cc0d319f059dbcd660e08c6cf3395542
- SHA256: 32e00ac923efd525db2bb8a2f820350c114e25a8960403a004a134aeab08c1bf
- SHA512: 23a6cc77e1ea3f215cde65ddcdc7851aed1c8b2a15c01085696853061d2690c6fa302302117f867b7ee68c7f08d94e8bed20f510aaf46e11c6ef1f33a4c324b2
Static task
- static1

Behavioral task
- behavioral1 (Sample: 32e00ac923efd525db2bb8a2f820350c114e25a8960403a004a134aeab08c1bf.exe; Resource: win7-en-20211208)

Behavioral task
- behavioral2 (Sample: 32e00ac923efd525db2bb8a2f820350c114e25a8960403a004a134aeab08c1bf.exe; Resource: win10v2004-en-20220112)
Malware Config
Targets
- Target: 32e00ac923efd525db2bb8a2f820350c114e25a8960403a004a134aeab08c1bf
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger