General
-
Target
469f0480dcb257a272ce4afefcde5cc5770d670b50fd5f953d8f4523f0e9b8d2
-
Size
3.8MB
-
Sample
220707-j3whnagcbq
-
MD5
c573cdb9c01695d5ae7291352dc5fcef
-
SHA1
7b807abcb1ee8e613020aa962e7e83fb7612b5e4
-
SHA256
469f0480dcb257a272ce4afefcde5cc5770d670b50fd5f953d8f4523f0e9b8d2
-
SHA512
46749c81378126b8fcff5e68daf6328bb7116fe73607862a784c3e832bb78d8da11d1c39e1fb801a8ece3b0ce5019f500b127733afaae6eac51da293ad13cca9
Static task
static1
Behavioral task
behavioral1
Sample
469f0480dcb257a272ce4afefcde5cc5770d670b50fd5f953d8f4523f0e9b8d2.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
469f0480dcb257a272ce4afefcde5cc5770d670b50fd5f953d8f4523f0e9b8d2.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
469f0480dcb257a272ce4afefcde5cc5770d670b50fd5f953d8f4523f0e9b8d2
-
Size
3.8MB
-
MD5
c573cdb9c01695d5ae7291352dc5fcef
-
SHA1
7b807abcb1ee8e613020aa962e7e83fb7612b5e4
-
SHA256
469f0480dcb257a272ce4afefcde5cc5770d670b50fd5f953d8f4523f0e9b8d2
-
SHA512
46749c81378126b8fcff5e68daf6328bb7116fe73607862a784c3e832bb78d8da11d1c39e1fb801a8ece3b0ce5019f500b127733afaae6eac51da293ad13cca9
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-