General
- Target: b2eb3021cbedb92df73aaf960a14c73f01ffc9b07f39e4052f679414ae983b57
- Size: 541KB
- Sample: 220625-czm9jsagbq
- MD5: cf606a21fd97cb1fdb844526f9341167
- SHA1: 6526497f5fb86519bbe71b23f791187679e0b2e5
- SHA256: b2eb3021cbedb92df73aaf960a14c73f01ffc9b07f39e4052f679414ae983b57
- SHA512: cd71158c321613c15bb7e2c5e15d5b92d3b9e9f003d0c86990497702c234418988917d09ebe595f38b65f9d1b1e81b52d2bd79a1e944699b6d5d0e66eb88ce5c
Static task: static1
Behavioral task: behavioral1
- Sample: b2eb3021cbedb92df73aaf960a14c73f01ffc9b07f39e4052f679414ae983b57.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: b2eb3021cbedb92df73aaf960a14c73f01ffc9b07f39e4052f679414ae983b57.exe
- Resource: win10v2004-20220414-en
Malware Config
Targets
- Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger