General
Target: 45a40f1f5b36f96306b199956bdc4b7edbede22c69f46d78870d365bc3dc4278
Size: 3.0MB
Sample: 220707-ndg17agfd5
MD5: 55e9cfd2fe4b28e97d3f43b9da3070f4
SHA1: 7580da400b316d28f6b954b6690ba27b0b11b384
SHA256: 45a40f1f5b36f96306b199956bdc4b7edbede22c69f46d78870d365bc3dc4278
SHA512: 8804088b67944052ac0e0e0e2d4f3f76d03245683bcd33724abe72bc173c4575a865af54825f95f5ede0a0df53467950a1ade620084c201389c8d014ba347278
Static task: static1
Behavioral task: behavioral1
  Sample: 45a40f1f5b36f96306b199956bdc4b7edbede22c69f46d78870d365bc3dc4278.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 45a40f1f5b36f96306b199956bdc4b7edbede22c69f46d78870d365bc3dc4278.exe
  Resource: win10v2004-20220414-en
Malware Config
Targets
Target: 45a40f1f5b36f96306b199956bdc4b7edbede22c69f46d78870d365bc3dc4278
Size: 3.0MB
MD5: 55e9cfd2fe4b28e97d3f43b9da3070f4
SHA1: 7580da400b316d28f6b954b6690ba27b0b11b384
SHA256: 45a40f1f5b36f96306b199956bdc4b7edbede22c69f46d78870d365bc3dc4278
SHA512: 8804088b67944052ac0e0e0e2d4f3f76d03245683bcd33724abe72bc173c4575a865af54825f95f5ede0a0df53467950a1ade620084c201389c8d014ba347278
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Suspicious use of NtSetInformationThreadHideFromDebugger
A thread flagged with ThreadHideFromDebugger (information class 0x11) stops delivering debug events, so an attached debugger no longer sees its exceptions or breakpoints; calling it is a common anti-debugging step.
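The three anti-analysis signatures listed for this target can be reproduced by hand to confirm whether a sandbox VM would trip them before the sample is detonated. The script below is an added example for this page, not code from the Triage report or from the RedLine sample. It assumes the registry paths a VirtualBox Windows guest populates (the VBOX__ OEM ID under HKLM\HARDWARE\ACPI\DSDT, FADT and RSDT, and the BIOS strings under HKLM\HARDWARE\DESCRIPTION\System and its BIOS subkey); the marker-string list is an assumption about what anti-VM code typically matches on, and the HideFromDebugger part uses the set-then-query call pair that anti-anti-debug checks rely on.

```powershell
# Added example (not from the Triage report or the RedLine sample): an analyst's
# self-check that reproduces the three anti-analysis signatures above against the
# machine it runs on. Run it inside the analysis VM before detonating a sample.

# 1. ACPI table OEM IDs. VirtualBox registers its ACPI tables under the OEM ID
#    "VBOX__", which shows up as a subkey name under each table key.
function Test-AcpiVirtualBox {
    $hits = @()
    foreach ($table in 'DSDT', 'FADT', 'RSDT') {
        $key = "HKLM:\HARDWARE\ACPI\$table"
        if (Test-Path $key) {
            Get-ChildItem $key -ErrorAction SilentlyContinue |
                Where-Object { $_.PSChildName -match 'VBOX' } |
                ForEach-Object { $hits += "$table\$($_.PSChildName)" }
        }
    }
    return $hits
}

# 2. BIOS strings as stored in the registry (what a sample reads instead of
#    calling SMBIOS APIs). REG_MULTI_SZ values come back as string arrays.
function Test-BiosStrings {
    # Assumed marker list; extend it for the hypervisors your lab uses.
    $markers = 'VBOX', 'VirtualBox', 'innotek', 'VMware', 'QEMU', 'Xen', 'Hyper-V'
    $hits = @()
    $checks = @(
        @{ Key = 'HKLM:\HARDWARE\DESCRIPTION\System'
           Names = 'SystemBiosVersion', 'VideoBiosVersion', 'SystemBiosDate' },
        @{ Key = 'HKLM:\HARDWARE\DESCRIPTION\System\BIOS'
           Names = 'SystemManufacturer', 'SystemProductName', 'BIOSVendor', 'BIOSVersion' }
    )
    foreach ($c in $checks) {
        $props = Get-ItemProperty -Path $c.Key -ErrorAction SilentlyContinue
        foreach ($n in $c.Names) {
            $v = ($props.$n -join ' ')
            foreach ($m in $markers) {
                if ($v -and $v -match [regex]::Escape($m)) {
                    $hits += "$($c.Key)\$n = '$v' (matched '$m')"
                }
            }
        }
    }
    return $hits
}

# 3. ThreadHideFromDebugger. NtSetInformationThread with class 0x11 takes no
#    buffer (length 0); NtQueryInformationThread with the same class returns a
#    one-byte BOOLEAN telling whether the flag is set on the thread.
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class NtThread {
    public const int ThreadHideFromDebugger = 0x11;
    [DllImport("ntdll.dll")]
    public static extern int NtSetInformationThread(IntPtr hThread, int infoClass, IntPtr info, int infoLength);
    [DllImport("ntdll.dll")]
    public static extern int NtQueryInformationThread(IntPtr hThread, int infoClass, out byte info, int infoLength, IntPtr returnLength);
    [DllImport("kernel32.dll")]
    public static extern IntPtr GetCurrentThread();
}
"@

function Test-HideFromDebugger {
    $h = [NtThread]::GetCurrentThread()
    $setStatus = [NtThread]::NtSetInformationThread($h, [NtThread]::ThreadHideFromDebugger, [IntPtr]::Zero, 0)
    $hidden = [byte]0
    $queryStatus = [NtThread]::NtQueryInformationThread($h, [NtThread]::ThreadHideFromDebugger, [ref]$hidden, 1, [IntPtr]::Zero)
    return [pscustomobject]@{
        SetStatus   = ('0x{0:X8}' -f $setStatus)    # 0x00000000 = STATUS_SUCCESS
        QueryStatus = ('0x{0:X8}' -f $queryStatus)
        Hidden      = ($hidden -ne 0)               # True once the flag took effect
    }
}

'--- ACPI OEM IDs matching VBOX ---';   Test-AcpiVirtualBox
'--- BIOS registry strings ---';        Test-BiosStrings
'--- ThreadHideFromDebugger ---';       Test-HideFromDebugger
```

Any ACPI or BIOS hit is a value the sample's checks would see, so a VM that returns hits for the first two functions should have its DMI and ACPI strings overridden (VirtualBox exposes these through VBoxManage setextradata) before it is used for this family. The third function sets the flag on PowerShell's own thread, which is harmless unless you are debugging the PowerShell host; Hidden = True with SetStatus 0x00000000 shows the call works on this build, so a sandbox that wants to observe the sample under a debugger has to hook or neutralise it rather than rely on the flag being refused.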