General
Target: 5703de95e4a00037028041ff7a51b90334e4d0929db4e2c96907e007e780f47f
Size: 2.8MB
Sample: 220725-bcylbsgdgl
MD5: 4478ed25813138e2eab7147b1ec91fca
SHA1: b9ba8c1f110bc8557c00d5b8bfc83ab7b98d4bc8
SHA256: 5703de95e4a00037028041ff7a51b90334e4d0929db4e2c96907e007e780f47f
SHA512: f0258bb9452894c43c7f41b5716c95c005d2a3098f8719644f94161e9fbf4aaf6b40ca1399860504d54252834661859bd861d01ee6c11f4af92840708dc72f19
Behavioral task: behavioral1
Sample: 5703de95e4a00037028041ff7a51b90334e4d0929db4e2c96907e007e780f47f.exe
Resource: win7-20220715-en

Behavioral task: behavioral2
Sample: 5703de95e4a00037028041ff7a51b90334e4d0929db4e2c96907e007e780f47f.exe
Resource: win10v2004-20220721-en

Malware Config
Targets
Target: 5703de95e4a00037028041ff7a51b90334e4d0929db4e2c96907e007e780f47f
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger