General
- Target: 2e662c7bc7c28596116b25028e7207722d9a609a0d634677ecc7a9ec5d5b878c
- Size: 2.8MB
- Sample: 220622-kqm67aegf7
- MD5: 42b723af993da6045a5a1b2d9a45e41d
- SHA1: 51c2f4b6531d6a44e5e909b3c20e27c46d674b19
- SHA256: 2e662c7bc7c28596116b25028e7207722d9a609a0d634677ecc7a9ec5d5b878c
- SHA512: 08fbe522b3c81742efdac92ac166791d762e10224c49ee5232797871aad4013a8af77e6ea215a13b5bdc30fc4ec9c9103d726db8cfe890ce6307cc8fc734c715
Static task: static1
Behavioral task: behavioral1
- Sample: 2e662c7bc7c28596116b25028e7207722d9a609a0d634677ecc7a9ec5d5b878c.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 2e662c7bc7c28596116b25028e7207722d9a609a0d634677ecc7a9ec5d5b878c.exe
- Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: 2e662c7bc7c28596116b25028e7207722d9a609a0d634677ecc7a9ec5d5b878c
- Size: 2.8MB
- MD5: 42b723af993da6045a5a1b2d9a45e41d
- SHA1: 51c2f4b6531d6a44e5e909b3c20e27c46d674b19
- SHA256: 2e662c7bc7c28596116b25028e7207722d9a609a0d634677ecc7a9ec5d5b878c
- SHA512: 08fbe522b3c81742efdac92ac166791d762e10224c49ee5232797871aad4013a8af77e6ea215a13b5bdc30fc4ec9c9103d726db8cfe890ce6307cc8fc734c715
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger