General
Target: 4859af96ed6b4bce85df58f7a9b38ec44391da11eab7c5461b79af488e5dcf23
Size: 2.5MB
Sample: 220714-dwb8jsbchp
MD5: f886a209238dac0aac29fa4a1ea9e6c3
SHA1: 0025df751524c6167b45af87314d6db6b29c248c
SHA256: 4859af96ed6b4bce85df58f7a9b38ec44391da11eab7c5461b79af488e5dcf23
SHA512: f6cc8ea052da34cd7f4cf236b27628fbffd72a2f952798c1a70971be5d7a420b6d780f11d135da9cfbd114c287c862e6219c046a3c1177ded593f7dd8e7d0968
Static task: static1
Behavioral task: behavioral1
  Sample: 4859af96ed6b4bce85df58f7a9b38ec44391da11eab7c5461b79af488e5dcf23.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 4859af96ed6b4bce85df58f7a9b38ec44391da11eab7c5461b79af488e5dcf23.exe
  Resource: win10v2004-20220414-en
Malware Config
Targets
Target: 4859af96ed6b4bce85df58f7a9b38ec44391da11eab7c5461b79af488e5dcf23
Score: 10/10
Family: RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
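The three behavioural signatures above are generic enough to reproduce outside the sandbox. As an added example (not Triage's own detection rules and not code from this sample), the following Python re-implements them as checks over a constructed, simplified sandbox trace: registry opens or queries of the VirtualBox-only ACPI keys HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__, reads of the BIOS values under HKLM\HARDWARE\DESCRIPTION\System, and NtSetInformationThread called with ThreadInformationClass 0x11 (ThreadHideFromDebugger). The event schema, the names scan_events and summarize, the process id and the sample events are assumptions made for the example; the registry paths and the 0x11 class value are the real ones.

```python
"""Re-implementation of the three behavioural signatures from the report as
checks over a constructed sandbox trace.  Added example: not Triage's rules
and not code from the sample.  The event schema and sample events are assumed."""
import re
from collections import Counter
from dataclasses import dataclass

# ACPI table keys that only exist on VirtualBox guests (the tables VirtualBox
# exposes are named VBOX__).  Matches with or without the HKLM / HKEY_LOCAL_MACHINE prefix.
VBOX_ACPI_RE = re.compile(
    r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.IGNORECASE)

# BIOS / firmware values under HKLM\HARDWARE\DESCRIPTION\System that sandbox
# fingerprinting code reads (vendor strings such as "VBOX" leak through them).
BIOS_INFO_RE = re.compile(
    r"\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?\\"
    r"(SystemBiosVersion|SystemBiosDate|VideoBiosVersion|"
    r"SystemManufacturer|SystemProductName)$",
    re.IGNORECASE)

# THREADINFOCLASS value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11


@dataclass(frozen=True)
class Finding:
    signature: str  # short name, prefixed with its category
    pid: int
    detail: str


def scan_events(events):
    """Return one Finding per event that matches a signature, in trace order.

    Each event is a dict with kind == "registry" (fields: pid, op, target) or
    kind == "api" (fields: pid, function, info_class); this schema is assumed.
    """
    findings = []
    for ev in events:
        pid = int(ev.get("pid", 0))
        if ev.get("kind") == "registry":
            target = ev.get("target", "")
            if VBOX_ACPI_RE.search(target):
                findings.append(Finding(
                    "anti-vm: VirtualBox ACPI table key", pid, target))
            elif BIOS_INFO_RE.search(target):
                findings.append(Finding(
                    "anti-sandbox: BIOS information read", pid, target))
        elif (ev.get("kind") == "api"
              and ev.get("function") == "NtSetInformationThread"
              and ev.get("info_class") == THREAD_HIDE_FROM_DEBUGGER):
            findings.append(Finding(
                "anti-debug: NtSetInformationThread(ThreadHideFromDebugger)",
                pid, "ThreadInformationClass=0x%x" % THREAD_HIDE_FROM_DEBUGGER))
    return findings


def summarize(events):
    """Count findings per signature name (the shape of the report's list)."""
    return dict(Counter(f.signature for f in scan_events(events)))


# Constructed trace (not a capture of this sample): what a sandbox might log
# for a process doing the three checks, plus two routine events that must not fire.
SAMPLE_EVENTS = [
    {"kind": "registry", "pid": 1337, "op": "RegOpenKeyExW",
     "target": r"HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__"},
    {"kind": "registry", "pid": 1337, "op": "RegQueryValueExW",
     "target": r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"kind": "registry", "pid": 1337, "op": "RegQueryValueExW",
     "target": r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion"},
    {"kind": "registry", "pid": 1337, "op": "RegOpenKeyExW",
     "target": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"},
    {"kind": "api", "pid": 1337, "function": "NtSetInformationThread",
     "info_class": 0x11},
    {"kind": "api", "pid": 1337, "function": "NtSetInformationThread",
     "info_class": 0x02},  # ThreadPriority: routine, not a signature hit
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"[{f.pid}] {f.signature}: {f.detail}")
```

Two caveats when using checks like these on real traces: the BIOS values are also read by plenty of legitimate software (inventory agents, installers), so that signature is only meaningful together with the others; and ThreadHideFromDebugger is used by some commercial protectors as well as malware. When debugging a sample that sets it, the usual counter is to hook NtSetInformationThread and drop calls with class 0x11, which is what anti-anti-debug plugins such as ScyllaHide do, because once the flag is set any debugger-raised exception in that thread terminates the process.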