General
-
Target
09c8037c00f76b4dbb2df4e73f5038a706cf7859afe48798ca3c9f8d968c466f
-
Size
2.6MB
-
Sample
220215-s8b6msgfb2
-
MD5
7cdbf594ade7fbc05960c6233e210f15
-
SHA1
6dd7a4bba049a9c210c6c82f3155dc92fb711747
-
SHA256
09c8037c00f76b4dbb2df4e73f5038a706cf7859afe48798ca3c9f8d968c466f
-
SHA512
90e4c6d364ca4b5b7d0680a6bc58c0dfcb8017ac3bb5e7e4d67860bbdf36194931d1a2804ab285f091d5388fc720987d11c9a5f4e734697f60103be12399d3c4
Static task
static1
Behavioral task
behavioral1
Sample
09c8037c00f76b4dbb2df4e73f5038a706cf7859afe48798ca3c9f8d968c466f.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
09c8037c00f76b4dbb2df4e73f5038a706cf7859afe48798ca3c9f8d968c466f.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
09c8037c00f76b4dbb2df4e73f5038a706cf7859afe48798ca3c9f8d968c466f
-
Size
2.6MB
-
MD5
7cdbf594ade7fbc05960c6233e210f15
-
SHA1
6dd7a4bba049a9c210c6c82f3155dc92fb711747
-
SHA256
09c8037c00f76b4dbb2df4e73f5038a706cf7859afe48798ca3c9f8d968c466f
-
SHA512
90e4c6d364ca4b5b7d0680a6bc58c0dfcb8017ac3bb5e7e4d67860bbdf36194931d1a2804ab285f091d5388fc720987d11c9a5f4e734697f60103be12399d3c4
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-