Analysis
-
max time kernel
143s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
22-06-2022 14:42
General
-
Target
2d950b55304ad25f6e513d0d995a6b401f3121dfb26d1a9659c2daa06c83f3b0.exe
-
Size
2.9MB
-
MD5
c9480f159f75bcac7884e27751b0447a
-
SHA1
4d253e87f294b23b205753f7aa900b5c853d08c1
-
SHA256
2d950b55304ad25f6e513d0d995a6b401f3121dfb26d1a9659c2daa06c83f3b0
-
SHA512
dc3b1728bc036f5b37910ef31b6e5d7ea0fffeba326dfa4e4bb6f90172bb1bea90f76c07bb098ed9e8da5c23393484b9bfd25d2900d1c9343fe591d02d3c3404
Score
10/10
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 1 IoCs
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2d950b55304ad25f6e513d0d995a6b401f3121dfb26d1a9659c2daa06c83f3b0.exe"C:\Users\Admin\AppData\Local\Temp\2d950b55304ad25f6e513d0d995a6b401f3121dfb26d1a9659c2daa06c83f3b0.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1040-54-0x0000000076811000-0x0000000076813000-memory.dmpFilesize
8KB
-
memory/1040-55-0x00000000010E0000-0x0000000001808000-memory.dmpFilesize
7.2MB
-
memory/1040-58-0x0000000077860000-0x00000000779E0000-memory.dmpFilesize
1.5MB
-
memory/1040-59-0x00000000010E0000-0x0000000001808000-memory.dmpFilesize
7.2MB