Description
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
General
Target
Size
Sample
fb89d57447db2445a18842b156ede54a
1MB
220330-z2p79adebq
Score
10/10
MD5
SHA1
SHA256
SHA512
fb89d57447db2445a18842b156ede54a
69fd005c7f4da455cc16198c308c02597aeed475
12dd9be4130d2815e1996e2179b5e0af874bc1bca280b455f17ff96aace7293c
2dca1e302379ec0543ff4e9f8f4dc18c1ef76b758fb17823f9a6835fbfbcd1afce759719592060db1a95ba3085ed6fbb9678b364342a8b22e2c982928c2e47be
Malware Config
Extracted
| Family | redline |
| Botnet | 1 |
| C2 |
116.202.11.19:24855 |
| Attributes |
auth_value 24b5bd5b441536b793bf4e2a4d143416 |
Targets
Target
MD5
Filesize
fb89d57447db2445a18842b156ede54a
fb89d57447db2445a18842b156ede54a
1MB
Score
10/10
SHA1
SHA256
SHA512
69fd005c7f4da455cc16198c308c02597aeed475
12dd9be4130d2815e1996e2179b5e0af874bc1bca280b455f17ff96aace7293c
2dca1e302379ec0543ff4e9f8f4dc18c1ef76b758fb17823f9a6835fbfbcd1afce759719592060db1a95ba3085ed6fbb9678b364342a8b22e2c982928c2e47be
Tags
Signatures
-
RedLine
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Tags
TTPs
-
Checks BIOS information in registry
Description
BIOS information is often read in order to detect sandboxing environments.
TTPs
-
Accesses cryptocurrency files/wallets, possible credential harvesting
Tags
TTPs
-
Checks whether UAC is enabled
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
10/10
behavioral2
Score
10/10