General
Target: 233cb353b4dc5f127dd7863501875f5be44b96e299e29c3b6c30b1e984e2c918
Size: 3.4MB
Sample: 220215-scamyahdfq
MD5: a6aebaf78d5d1d323dc4e7553424ecb3
SHA1: 67443ca919e3f3811f50ba21321f3eda1d33909c
SHA256: 233cb353b4dc5f127dd7863501875f5be44b96e299e29c3b6c30b1e984e2c918
SHA512: 68dce0bbf2235ba83931898c13010f504009d2dbc8e00e780a59d7391af3fc8f0b7ce866fd5467a18094bb779fe7f6ca1be62d587e9bb2f3893fb05d742b6131
Static task: static1
Behavioral task: behavioral1
  Sample: 233cb353b4dc5f127dd7863501875f5be44b96e299e29c3b6c30b1e984e2c918.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 233cb353b4dc5f127dd7863501875f5be44b96e299e29c3b6c30b1e984e2c918.exe
  Resource: win10v2004-en-20220113
Malware Config
Targets
Target: 233cb353b4dc5f127dd7863501875f5be44b96e299e29c3b6c30b1e984e2c918
Size: 3.4MB
MD5: a6aebaf78d5d1d323dc4e7553424ecb3
SHA1: 67443ca919e3f3811f50ba21321f3eda1d33909c
SHA256: 233cb353b4dc5f127dd7863501875f5be44b96e299e29c3b6c30b1e984e2c918
SHA512: 68dce0bbf2235ba83931898c13010f504009d2dbc8e00e780a59d7391af3fc8f0b7ce866fd5467a18094bb779fe7f6ca1be62d587e9bb2f3893fb05d742b6131
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- .NET Reactor protector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  ThreadHideFromDebugger (THREADINFOCLASS 0x11) stops a debugger from receiving events for the calling thread; legitimate software rarely needs it, so it is a common anti-debugging marker.
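The last three signatures in the list above are evasion checks rather than stealer behaviour, and they are matched by looking at which registry keys and native APIs the sample touches. The following script is an added example, not code from this report or from the sandbox that produced it: it re-implements those three checks over a constructed, pipe-delimited API trace of the kind a behavioural sandbox emits. The registry paths it uses (the `VBOX__` ACPI table keys under `HKLM\HARDWARE\ACPI`, and the `SystemBiosVersion`/`VideoBiosVersion` values under `HKLM\HARDWARE\DESCRIPTION\System`) are the artefacts these checks commonly key on and are an assumption here, as are the trace format, the handle values and the `match_signatures` helper itself.

```python
"""Re-implementation of three anti-analysis signatures over a sandbox API trace.

Added example: the trace format and the exact registry artefacts below are
assumptions, not taken from the report.
"""
import re
from collections import defaultdict

# VirtualBox exposes ACPI tables named "VBOX__"; the guest mirrors them here (assumed artefact).
VBOX_ACPI_RE = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE)
# BIOS strings that usually contain the hypervisor vendor name (assumed artefact).
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = {"SystemBiosVersion", "VideoBiosVersion", "SystemBiosDate"}
# THREADINFOCLASS value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

SIG_VBOX = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_BIOS = "Checks BIOS information in registry"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# Constructed sample trace (api|arg|arg...). 0xfffffffe is the pseudo-handle
# GetCurrentThread() returns, i.e. the malware hiding its own thread.
SAMPLE_TRACE = """\
NtOpenKey|HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion
NtQueryValueKey|HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion|ProductName
NtOpenKey|HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
NtOpenKey|HKLM\\HARDWARE\\ACPI\\FADT\\VBOX__
NtQueryValueKey|HKLM\\HARDWARE\\DESCRIPTION\\System|SystemBiosVersion
NtQueryValueKey|HKLM\\HARDWARE\\DESCRIPTION\\System|VideoBiosVersion
NtSetInformationThread|ThreadHandle=0xfffffffe|ThreadInformationClass=0x11
NtSetInformationThread|ThreadHandle=0x1a4|ThreadInformationClass=0x9
"""

REGISTRY_APIS = {"NtOpenKey", "NtOpenKeyEx", "NtCreateKey", "NtQueryValueKey"}


def parse_trace(text):
    """Split the trace into (api, [args]) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            api, *args = line.split("|")
            events.append((api, args))
    return events


def _kv(args):
    """Turn 'Name=value' arguments into a dict; positional args are ignored."""
    return dict(a.split("=", 1) for a in args if "=" in a)


def match_signatures(events):
    """Return {signature name: [evidence, ...]} for every signature that fires."""
    hits = defaultdict(list)
    for api, args in events:
        if api in REGISTRY_APIS and args:
            key = args[0]
            if VBOX_ACPI_RE.match(key):
                hits[SIG_VBOX].append(key)
            # Only a value read of the BIOS strings counts, not merely opening the key.
            if (api == "NtQueryValueKey" and len(args) > 1
                    and key.lower() == BIOS_KEY.lower() and args[1] in BIOS_VALUES):
                hits[SIG_BIOS].append(f"{key}\\{args[1]}")
        elif api == "NtSetInformationThread":
            kv = _kv(args)
            cls = kv.get("ThreadInformationClass")
            # int(..., 0) accepts both "0x11" and "17"; other classes are benign.
            if cls is not None and int(cls, 0) == THREAD_HIDE_FROM_DEBUGGER:
                hits[SIG_HIDE].append(kv.get("ThreadHandle", "?"))
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_signatures(parse_trace(SAMPLE_TRACE)).items():
        print(f"{name}\n  " + "\n  ".join(evidence))
```

The BIOS check deliberately requires a value read rather than a key open, because `HKLM\HARDWARE\DESCRIPTION\System` is opened by plenty of benign code; the VirtualBox check fires on the open alone, since the `VBOX__` subkeys only exist inside a VirtualBox guest and there is no innocent reason to look for them.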