redline | 3ccc1c94157eaad82548495b36c756e2309c3b856892528427a52e9693f28586 | Triage

Submit
Reports

Overview

overview

Static

static

7

3ccc1c9415...86.exe

windows7_x64

3ccc1c9415...86.exe

windows10-2004_x64

Sharing

General

Target

3ccc1c94157eaad82548495b36c756e2309c3b856892528427a52e9693f28586
Size

2.7MB
Sample

220703-fyzsqsgdhp
MD5

d61fd67d260626e8d8a9119e80557db5
SHA1

4ac6b15f944c012adac83f3dea4aeca1e89734fb
SHA256

3ccc1c94157eaad82548495b36c756e2309c3b856892528427a52e9693f28586
SHA512

03f1c5b94c7773ff7475e344ce542967fedc2765ac9a18959de28ad206acd0d0469756fb50c2ca3d8b28cc89f8a202aa90a14c7cbf21d044fdfc7025ad06179a

Score

10^/10

redline evasion infostealer themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

3ccc1c94157eaad82548495b36c756e2309c3b856892528427a52e9693f28586.exe

Resource

win7-20220414-en

redline evasion infostealer themida trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3ccc1c94157eaad82548495b36c756e2309c3b856892528427a52e9693f28586.exe

Resource

win10v2004-20220414-en

redline evasion infostealer themida trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3ccc1c94157eaad82548495b36c756e2309c3b856892528427a52e9693f28586
- Size
  
  2.7MB
- MD5
  
  d61fd67d260626e8d8a9119e80557db5
- SHA1
  
  4ac6b15f944c012adac83f3dea4aeca1e89734fb
- SHA256
  
  3ccc1c94157eaad82548495b36c756e2309c3b856892528427a52e9693f28586
- SHA512
  
  03f1c5b94c7773ff7475e344ce542967fedc2765ac9a18959de28ad206acd0d0469756fb50c2ca3d8b28cc89f8a202aa90a14c7cbf21d044fdfc7025ad06179a
Score

10^/10

redline evasion infostealer themida trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineevasioninfostealerthemidatrojan

behavioral2

redlineevasioninfostealerthemidatrojan

© 2018-2024

Terms | Privacy