General
Target: 3239ffaad610ff9934720350efe132dd9ca3fd8d1d812a67d1449c531e5782f2
Size: 7.1MB
Sample: 220620-jh3q8safhp
MD5: a776b0fb7cc1b3870f6234a12fbfb377
SHA1: 7b3f180a2af62f06b8162e7290287202d6d80b41
SHA256: 3239ffaad610ff9934720350efe132dd9ca3fd8d1d812a67d1449c531e5782f2
SHA512: f95909227004c610c52ca1d65ed3e8aff27dd5750c55b6a31f931e5c3e4089f305e648cb33f3be94e350625feaf7716f58b99bb541c60292ea7dd1d7d17b4f42
Behavioral task: behavioral1
Sample: 3239ffaad610ff9934720350efe132dd9ca3fd8d1d812a67d1449c531e5782f2.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: 3239ffaad610ff9934720350efe132dd9ca3fd8d1d812a67d1449c531e5782f2
Size: 7.1MB
MD5: a776b0fb7cc1b3870f6234a12fbfb377
SHA1: 7b3f180a2af62f06b8162e7290287202d6d80b41
SHA256: 3239ffaad610ff9934720350efe132dd9ca3fd8d1d812a67d1449c531e5782f2
SHA512: f95909227004c610c52ca1d65ed3e8aff27dd5750c55b6a31f931e5c3e4089f305e648cb33f3be94e350625feaf7716f58b99bb541c60292ea7dd1d7d17b4f42
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Suspicious use of NtSetInformationThreadHideFromDebugger