General
-
Target
f7b1639b6c4ca677ba279b945a94c5f6d67e6c4c89fd39cd8be882a8a7cdfcaa
-
Size
3.1MB
-
Sample
220708-dzg8zahed5
-
MD5
422a6ca28a7e4d8e5e498523c6f049f4
-
SHA1
22f3610b4ff0537d6eca10321c5f762fa27085fd
-
SHA256
f7b1639b6c4ca677ba279b945a94c5f6d67e6c4c89fd39cd8be882a8a7cdfcaa
-
SHA512
0848595336390c86ec2212b85e99badfa6902191afd595e9df13cdbfd4b6a58116a667896ad133742b29654ae7e77b0a99ac3dc15571fb9753e5ff9e3d19d510
Malware Config
Targets
-
-
Target
f7b1639b6c4ca677ba279b945a94c5f6d67e6c4c89fd39cd8be882a8a7cdfcaa
-
Size
3.1MB
-
MD5
422a6ca28a7e4d8e5e498523c6f049f4
-
SHA1
22f3610b4ff0537d6eca10321c5f762fa27085fd
-
SHA256
f7b1639b6c4ca677ba279b945a94c5f6d67e6c4c89fd39cd8be882a8a7cdfcaa
-
SHA512
0848595336390c86ec2212b85e99badfa6902191afd595e9df13cdbfd4b6a58116a667896ad133742b29654ae7e77b0a99ac3dc15571fb9753e5ff9e3d19d510
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-