General
-
Target
014ba5a38cdf8d2bba4727c333e9249ccd3162dfb791386bd955ff98594a16d3
-
Size
2.9MB
-
Sample
220215-tjx79aaaek
-
MD5
72ca071eb965a52aa5d1d2b40178a75b
-
SHA1
e84a779665cc6a223a5910d55f730a72a7f72a53
-
SHA256
014ba5a38cdf8d2bba4727c333e9249ccd3162dfb791386bd955ff98594a16d3
-
SHA512
891cd92ef9f3d1134bd4c0a4b5cfc0ead537233b4ef7a1d5627d0ab330bcfb78cc11a20f07e553be125022397f1064f5b142661f53eb1f6616b4bdbd335eacf3
Static task
static1
Behavioral task
behavioral1
Sample
014ba5a38cdf8d2bba4727c333e9249ccd3162dfb791386bd955ff98594a16d3.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
014ba5a38cdf8d2bba4727c333e9249ccd3162dfb791386bd955ff98594a16d3.exe
Resource
win10v2004-en-20220112
Malware Config
Targets
-
-
Target
014ba5a38cdf8d2bba4727c333e9249ccd3162dfb791386bd955ff98594a16d3
-
Size
2.9MB
-
MD5
72ca071eb965a52aa5d1d2b40178a75b
-
SHA1
e84a779665cc6a223a5910d55f730a72a7f72a53
-
SHA256
014ba5a38cdf8d2bba4727c333e9249ccd3162dfb791386bd955ff98594a16d3
-
SHA512
891cd92ef9f3d1134bd4c0a4b5cfc0ead537233b4ef7a1d5627d0ab330bcfb78cc11a20f07e553be125022397f1064f5b142661f53eb1f6616b4bdbd335eacf3
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-