General
- Target: 449e7db1fd41a357984ac61a9ed43d99e2e5f46e87b83816c42d9500bb30d9e5
- Size: 3.5MB
- Sample: 220707-xc3e6shcf4
- MD5: eac98b76e0bbaad4b1be3fe88cef0fed
- SHA1: 49bff4f05b44e335aecaf7846e4f22c960035ee2
- SHA256: 449e7db1fd41a357984ac61a9ed43d99e2e5f46e87b83816c42d9500bb30d9e5
- SHA512: a82d2ddbc83f1392229234a7c7406953667e4977727d6b79ed39dd4580c1faa3abb64c246f06b3742b455b32b5016665cf60a0cc07de02d8194a018152acbded

Static task: static1

Behavioral task: behavioral1
- Sample: 449e7db1fd41a357984ac61a9ed43d99e2e5f46e87b83816c42d9500bb30d9e5.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: 449e7db1fd41a357984ac61a9ed43d99e2e5f46e87b83816c42d9500bb30d9e5.exe
- Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: 449e7db1fd41a357984ac61a9ed43d99e2e5f46e87b83816c42d9500bb30d9e5
- Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger