General
-
Target
2d950b55304ad25f6e513d0d995a6b401f3121dfb26d1a9659c2daa06c83f3b0
-
Size
2.9MB
-
Sample
220622-r3fq7sbgb3
-
MD5
c9480f159f75bcac7884e27751b0447a
-
SHA1
4d253e87f294b23b205753f7aa900b5c853d08c1
-
SHA256
2d950b55304ad25f6e513d0d995a6b401f3121dfb26d1a9659c2daa06c83f3b0
-
SHA512
dc3b1728bc036f5b37910ef31b6e5d7ea0fffeba326dfa4e4bb6f90172bb1bea90f76c07bb098ed9e8da5c23393484b9bfd25d2900d1c9343fe591d02d3c3404
Static task
static1
Behavioral task
behavioral1
Sample
2d950b55304ad25f6e513d0d995a6b401f3121dfb26d1a9659c2daa06c83f3b0.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
2d950b55304ad25f6e513d0d995a6b401f3121dfb26d1a9659c2daa06c83f3b0.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
2d950b55304ad25f6e513d0d995a6b401f3121dfb26d1a9659c2daa06c83f3b0
-
Size
2.9MB
-
MD5
c9480f159f75bcac7884e27751b0447a
-
SHA1
4d253e87f294b23b205753f7aa900b5c853d08c1
-
SHA256
2d950b55304ad25f6e513d0d995a6b401f3121dfb26d1a9659c2daa06c83f3b0
-
SHA512
dc3b1728bc036f5b37910ef31b6e5d7ea0fffeba326dfa4e4bb6f90172bb1bea90f76c07bb098ed9e8da5c23393484b9bfd25d2900d1c9343fe591d02d3c3404
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-