General
-
Target
0bc3e0e2a07e716c603abd24dcae84cd34cae9f41460e0635e6126a19c00cca1
-
Size
2.5MB
-
Sample
220215-s54fqageg9
-
MD5
81145449114ce9e63c543beeca4e3cb2
-
SHA1
9738ae925caa842a9f946202cc46665e6d5cc82f
-
SHA256
0bc3e0e2a07e716c603abd24dcae84cd34cae9f41460e0635e6126a19c00cca1
-
SHA512
1451c55d2c768c774ec6147b607fa93ba7d7aa3f2153642ce12ca6f67284c14739dc3f68d885e4fd5d4b3360592dcb3371fb12abe8c468b36a9949a919e11520
Static task
static1
Behavioral task
behavioral1
Sample
0bc3e0e2a07e716c603abd24dcae84cd34cae9f41460e0635e6126a19c00cca1.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
0bc3e0e2a07e716c603abd24dcae84cd34cae9f41460e0635e6126a19c00cca1.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
0bc3e0e2a07e716c603abd24dcae84cd34cae9f41460e0635e6126a19c00cca1
-
Size
2.5MB
-
MD5
81145449114ce9e63c543beeca4e3cb2
-
SHA1
9738ae925caa842a9f946202cc46665e6d5cc82f
-
SHA256
0bc3e0e2a07e716c603abd24dcae84cd34cae9f41460e0635e6126a19c00cca1
-
SHA512
1451c55d2c768c774ec6147b607fa93ba7d7aa3f2153642ce12ca6f67284c14739dc3f68d885e4fd5d4b3360592dcb3371fb12abe8c468b36a9949a919e11520
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-