General
Target: 49a0fe8a81d7313a8e98992a802e15f62404f3456f844a9621a0d37e290089e2
Size: 2.9MB
Sample: 220712-tkwe2scbd2
MD5: 5ba75a562cf303128aa21b6d46fbc280
SHA1: c0a393e9fdabe1de0adc90175a232cfb7ea19a08
SHA256: 49a0fe8a81d7313a8e98992a802e15f62404f3456f844a9621a0d37e290089e2
SHA512: ef93859ec8109c6e4c8aefb05047ba7b2d7c278207e3e7495d9ed77935005be9351709f94f89979e458adf326b746dfdd7458fbb30a3f3c5b593d421ba1c87c0
Static task: static1
Behavioral task: behavioral1
Sample: 49a0fe8a81d7313a8e98992a802e15f62404f3456f844a9621a0d37e290089e2.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 49a0fe8a81d7313a8e98992a802e15f62404f3456f844a9621a0d37e290089e2.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: 49a0fe8a81d7313a8e98992a802e15f62404f3456f844a9621a0d37e290089e2
Size: 2.9MB
MD5: 5ba75a562cf303128aa21b6d46fbc280
SHA1: c0a393e9fdabe1de0adc90175a232cfb7ea19a08
SHA256: 49a0fe8a81d7313a8e98992a802e15f62404f3456f844a9621a0d37e290089e2
SHA512: ef93859ec8109c6e4c8aefb05047ba7b2d7c278207e3e7495d9ed77935005be9351709f94f89979e458adf326b746dfdd7458fbb30a3f3c5b593d421ba1c87c0
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger