General
- Target: 12dcbb853c5f79c646575964e8826f14657e9109bbed74c8ffc128092877e131
- Size: 2.9MB
- Sample: 220215-sw3stshfhq
- MD5: 222ea23326d979ec240153a0e765d016
- SHA1: 9e54e83414656803bf3fb793615533995c998bcf
- SHA256: 12dcbb853c5f79c646575964e8826f14657e9109bbed74c8ffc128092877e131
- SHA512: 56d353368e13c6e35870136303e1facdd493d370951af32f765d1a49b8db8078843e46cdcd7ae5e1b36f58cbb385d490e0ea48017c8c29ef7ec7153ac2b76f00
Static task: static1
Behavioral task: behavioral1
- Sample: 12dcbb853c5f79c646575964e8826f14657e9109bbed74c8ffc128092877e131.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: 12dcbb853c5f79c646575964e8826f14657e9109bbed74c8ffc128092877e131.exe
- Resource: win10v2004-en-20220112
Malware Config
Targets
- Target: 12dcbb853c5f79c646575964e8826f14657e9109bbed74c8ffc128092877e131
- Size: 2.9MB
- MD5: 222ea23326d979ec240153a0e765d016
- SHA1: 9e54e83414656803bf3fb793615533995c998bcf
- SHA256: 12dcbb853c5f79c646575964e8826f14657e9109bbed74c8ffc128092877e131
- SHA512: 56d353368e13c6e35870136303e1facdd493d370951af32f765d1a49b8db8078843e46cdcd7ae5e1b36f58cbb385d490e0ea48017c8c29ef7ec7153ac2b76f00
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger