General
-
Target
3ccc1c94157eaad82548495b36c756e2309c3b856892528427a52e9693f28586
-
Size
2.7MB
-
Sample
220703-fyzsqsgdhp
-
MD5
d61fd67d260626e8d8a9119e80557db5
-
SHA1
4ac6b15f944c012adac83f3dea4aeca1e89734fb
-
SHA256
3ccc1c94157eaad82548495b36c756e2309c3b856892528427a52e9693f28586
-
SHA512
03f1c5b94c7773ff7475e344ce542967fedc2765ac9a18959de28ad206acd0d0469756fb50c2ca3d8b28cc89f8a202aa90a14c7cbf21d044fdfc7025ad06179a
Static task
static1
Behavioral task
behavioral1
Sample
3ccc1c94157eaad82548495b36c756e2309c3b856892528427a52e9693f28586.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
3ccc1c94157eaad82548495b36c756e2309c3b856892528427a52e9693f28586.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
3ccc1c94157eaad82548495b36c756e2309c3b856892528427a52e9693f28586
-
Size
2.7MB
-
MD5
d61fd67d260626e8d8a9119e80557db5
-
SHA1
4ac6b15f944c012adac83f3dea4aeca1e89734fb
-
SHA256
3ccc1c94157eaad82548495b36c756e2309c3b856892528427a52e9693f28586
-
SHA512
03f1c5b94c7773ff7475e344ce542967fedc2765ac9a18959de28ad206acd0d0469756fb50c2ca3d8b28cc89f8a202aa90a14c7cbf21d044fdfc7025ad06179a
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-