redline | 90e6f395643514916b30101a393ffe491d7809349d75858ffa73cab7d717c31f | Triage

Submit
Reports

Overview

overview

Static

static

7

1ca3d04a1c...4a.exe

windows10_x64

Sharing

General

Target

1ca3d04a1c28f573e0a31c49881c8c4a.7z
Size

1.9MB
Sample

220119-a8trksedck
MD5

3d1d00b27b7845068d971019b56132de
SHA1

ab7625d9e5b6a9ee31558f133d927bfc589a2dae
SHA256

90e6f395643514916b30101a393ffe491d7809349d75858ffa73cab7d717c31f
SHA512

dd86f313038e070b8a20cf355dab3878cf53fb538d7e9a636b6f14d2293f70682d854f20b194486e1c6d88d820b57b3b1fe6dcd265d021e7ff55f5a6beea18b3

Score

10^/10

redline fs3 evasion infostealer themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

1ca3d04a1c28f573e0a31c49881c8c4a.exe

Resource

win10-en-20211208

redline fs3 evasion infostealer themida trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

fs3

C2

65.21.103.71:56458

Targets

- Target
  
  1ca3d04a1c28f573e0a31c49881c8c4a
- Size
  
  2.2MB
- MD5
  
  1ca3d04a1c28f573e0a31c49881c8c4a
- SHA1
  
  30a0a21660c49c0a44c981396c435483efad865e
- SHA256
  
  196e6323c5ffd2105f1159a77c1b1cb583deb9d27875232f5fae5635a39a637d
- SHA512
  
  aeede683d62f29b2e24f7352ff296c7249c3eccc6a6b3c165b060454a0704cf52b1137dbcdb24b7045c526f6a6e6b70f79935ed78866b552b7338cec38e6be64
Score

10^/10

redline fs3 evasion infostealer themida trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinefs3evasioninfostealerthemidatrojan

© 2018-2024

Terms | Privacy