General
-
Target
3f6143b5b4286cedcc3c8adcb25b1a971e1657dde65cca796e117971c2ac58bd
-
Size
2.4MB
-
Sample
220701-b7z3msgfg2
-
MD5
a8db1bf1f4246c4e715f93f2a18fbe59
-
SHA1
5486db0d84862e68c4b9f24160bdc895bf3a45aa
-
SHA256
3f6143b5b4286cedcc3c8adcb25b1a971e1657dde65cca796e117971c2ac58bd
-
SHA512
905652518f08a3b0dba61706389c29eb91f4e9eab2071c550b6b0eb4092451c5f5b1abf992536efc723aaa4f335f027aecde5342465487547043d7842c0602e8
Malware Config
Targets
-
-
Target
3f6143b5b4286cedcc3c8adcb25b1a971e1657dde65cca796e117971c2ac58bd
-
Size
2.4MB
-
MD5
a8db1bf1f4246c4e715f93f2a18fbe59
-
SHA1
5486db0d84862e68c4b9f24160bdc895bf3a45aa
-
SHA256
3f6143b5b4286cedcc3c8adcb25b1a971e1657dde65cca796e117971c2ac58bd
-
SHA512
905652518f08a3b0dba61706389c29eb91f4e9eab2071c550b6b0eb4092451c5f5b1abf992536efc723aaa4f335f027aecde5342465487547043d7842c0602e8
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-