Extracted

• • Target

    b33d2bb99a5383f79632d1788c201685da7d5ace348467dd644ec053d5b6527a

  • Size

    743.8MB

  • MD5

    2c21ffacb9384ccb499a9cad86ff4b32

  • SHA1

    ab10fa071c32d9b4dede8160480b37c45d9c33f6

  • SHA256

    b33d2bb99a5383f79632d1788c201685da7d5ace348467dd644ec053d5b6527a

  • SHA512

    6e2196bf65917265ffe6426241af26f1cb56c89e8f514bad837295dc32cfa188b88de57e7f55fc88b762a0fa1075c12d0dd6041cda0850dd40c2cf28c6ece496

  • SSDEEP

    196608:/jKNkLtiKH095HH0AsT16oyPIvU4tgXtTb86XbfZ:/OC/0Dq1ewM4GpQ8bf

  Score

  10^/10

  redline1discoveryevasioninfostealertrojanupx

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2