General
- Target: 516f198a32a0d7c0e4cf081ac943e3c547988ca20b17b209713d4b06691dfa2a
- Size: 2.6MB
- Sample: 220718-ssl1xagab2
- MD5: bfa0459ef95a349b0e12463ec1ea4c23
- SHA1: 8e321d0671df8c72c863bbf90060759729f255ec
- SHA256: 516f198a32a0d7c0e4cf081ac943e3c547988ca20b17b209713d4b06691dfa2a
- SHA512: 4999292156798e1b258def434a670348e4e316f2e37485562b0cf8ac73b976f4b883814ddfd4e768e6e3f377f489d752e5ea7a02450fe0a30a35dc75814e48ab
Behavioral task: behavioral1
- Sample: 516f198a32a0d7c0e4cf081ac943e3c547988ca20b17b209713d4b06691dfa2a.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 516f198a32a0d7c0e4cf081ac943e3c547988ca20b17b209713d4b06691dfa2a.exe
- Resource: win10v2004-20220414-en
Malware Config
Targets
- Target: 516f198a32a0d7c0e4cf081ac943e3c547988ca20b17b209713d4b06691dfa2a
- Size: 2.6MB
- MD5: bfa0459ef95a349b0e12463ec1ea4c23
- SHA1: 8e321d0671df8c72c863bbf90060759729f255ec
- SHA256: 516f198a32a0d7c0e4cf081ac943e3c547988ca20b17b209713d4b06691dfa2a
- SHA512: 4999292156798e1b258def434a670348e4e316f2e37485562b0cf8ac73b976f4b883814ddfd4e768e6e3f377f489d752e5ea7a02450fe0a30a35dc75814e48ab
- Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS version strings are often read from the registry to detect virtualised or sandboxed environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger (NtSetInformationThread called with the ThreadHideFromDebugger information class, a common anti-debugging technique that hides the calling thread from an attached debugger)
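The three evasion behaviours the report flags (VirtualBox ACPI table names in the registry, BIOS version strings, and NtSetInformationThread with ThreadHideFromDebugger) are straightforward to pick out of a per-process trace. The Python below is an added example, not code from the report or from the sandbox that produced it: it scans a constructed, tab-separated trace of registry and native API calls and returns one finding per indicator. The trace format, the process id, and the exact registry paths (the well-known HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__ and HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion / VideoBiosVersion keys) are assumptions; the report does not name the specific keys this sample read.

```python
"""Flag anti-VM, anti-sandbox and anti-debug indicators in a process trace.

Added example. The trace format (tab-separated pid / operation / target /
detail) is an assumption, not the format of the sandbox that produced the
report, and the registry paths are the well-known ones such checks read.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# THREADINFOCLASS value for ThreadHideFromDebugger (0x11 in the NT headers).
THREAD_HIDE_FROM_DEBUGGER = 0x11


@dataclass(frozen=True)
class Finding:
    pid: int
    category: str      # "anti-vm", "anti-sandbox" or "anti-debug"
    technique: str
    evidence: str


# Registry paths that commonly serve as VM / sandbox tells, matched
# case-insensitively against the full key or value path.
REGISTRY_RULES = [
    (re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
     "anti-vm", "VirtualBox ACPI table name in registry"),
    (re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion$", re.I),
     "anti-sandbox", "BIOS version string read from registry"),
]

# Constructed sample trace (assumed format); the pid and values are made up.
SAMPLE_TRACE = "\n".join("\t".join(row) for row in [
    ("4120", "RegOpenKey", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__", "NAME NOT FOUND"),
    ("4120", "RegOpenKey", r"HKLM\HARDWARE\ACPI\FADT\VBOX__", "NAME NOT FOUND"),
    ("4120", "RegQueryValue", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion", "VBOX   - 1"),
    ("4120", "RegQueryValue", r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion", "VBOX   - 1"),
    ("4120", "RegOpenKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "SUCCESS"),
    ("4120", "NtSetInformationThread", "ThreadHandle=0xfffffffe",
     "ThreadInformationClass=0x11 ThreadInformation=NULL"),
    ("4120", "NtSetInformationThread", "ThreadHandle=0x1a4",
     "ThreadInformationClass=0x02 ThreadInformation=0x0000000f"),
])


def _thread_info_class(text: str) -> Optional[int]:
    """Extract the ThreadInformationClass argument (hex or decimal) from an API line."""
    m = re.search(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)", text)
    return int(m.group(1), 0) if m else None


def scan_trace(trace: str) -> List[Finding]:
    """Return one Finding per matched indicator, in trace order."""
    findings: List[Finding] = []
    for raw in trace.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        pid_s, op, target, detail = raw.split("\t", 3)
        pid = int(pid_s)
        if op.startswith("Reg"):
            # Registry access: compare the path against each anti-analysis rule.
            for pattern, category, technique in REGISTRY_RULES:
                if pattern.search(target):
                    findings.append(Finding(pid, category, technique,
                                            f"{op} {target} -> {detail}"))
        elif op == "NtSetInformationThread":
            # Only the ThreadHideFromDebugger class is an anti-debug tell;
            # other classes (priority, affinity, ...) are benign.
            if _thread_info_class(f"{target} {detail}") == THREAD_HIDE_FROM_DEBUGGER:
                findings.append(Finding(pid, "anti-debug",
                                        "NtSetInformationThread(ThreadHideFromDebugger)",
                                        f"{target} {detail}"))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per category, e.g. {'anti-vm': 2, 'anti-sandbox': 2, 'anti-debug': 1}."""
    counts: dict = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan_trace(SAMPLE_TRACE):
        print(f"pid {f.pid} [{f.category}] {f.technique}: {f.evidence}")
    print(summarize(scan_trace(SAMPLE_TRACE)))
```

Note that the ACPI lookups return NAME NOT FOUND in the constructed trace and still count: the tell is the attempt to open the key, not its presence, so a detection keyed on the result code alone would miss it.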