General
Target: 3df695d38bbf1000bf8ba91c514b7501c893603d0834e7d7873b4773296b459c
Size: 2.7MB
Sample: 220701-q6rr7sehhm
MD5: 09053a35b18ce029e4265a35d2973ba6
SHA1: a26d5b385982a84a8bd27448e73fed169f6a9721
SHA256: 3df695d38bbf1000bf8ba91c514b7501c893603d0834e7d7873b4773296b459c
SHA512: e13d6f5167cb552f366612f0b210c6e0eb8f12b0f20c68851b66497ae40d5c6e62efca00fd2bc6fda0f3b1d5e86a1c825bef55c20af0ca9d49564d1d0f88c476
Static task: static1

Behavioral task: behavioral1
Sample: 3df695d38bbf1000bf8ba91c514b7501c893603d0834e7d7873b4773296b459c.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 3df695d38bbf1000bf8ba91c514b7501c893603d0834e7d7873b4773296b459c.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: 3df695d38bbf1000bf8ba91c514b7501c893603d0834e7d7873b4773296b459c
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Suspicious use of NtSetInformationThreadHideFromDebugger