General
Target

b57006d6430fcfa68bc2700d14fcb138ac673e77e5f570b84516f1a3bd9726cd

Size

1MB

Sample

220427-vy6nlsegb6

Score
10/10
MD5

6de3b7e987d8c8a0d68a74529aa2a3f4

SHA1

7ee7faa92cb9dafb41e3b0efcdd0c02adb944717

SHA256

b57006d6430fcfa68bc2700d14fcb138ac673e77e5f570b84516f1a3bd9726cd

SHA512

ccd099dbd4f977098033794a441586a4ca86add60225035bcae66027dda20b5b5428956113d274a0f7185cedd2c989aa36f621c599f97af72a90e5142d37a48b

Malware Config

Extracted

Family

redline

Botnet

1

C2

195.149.87.133:1725

Targets
Target

b57006d6430fcfa68bc2700d14fcb138ac673e77e5f570b84516f1a3bd9726cd

MD5

6de3b7e987d8c8a0d68a74529aa2a3f4

Filesize

1MB

Score
10/10
SHA1

7ee7faa92cb9dafb41e3b0efcdd0c02adb944717

SHA256

b57006d6430fcfa68bc2700d14fcb138ac673e77e5f570b84516f1a3bd9726cd

SHA512

ccd099dbd4f977098033794a441586a4ca86add60225035bcae66027dda20b5b5428956113d274a0f7185cedd2c989aa36f621c599f97af72a90e5142d37a48b

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    Tags

    TTPs

    Query RegistryVirtualization/Sandbox Evasion
  • Checks BIOS information in registry

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query RegistrySystem Information Discovery
  • Identifies Wine through registry keys

    Description

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    Tags

    TTPs

    Query RegistryVirtualization/Sandbox Evasion
  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery
  • Writes to the Master Boot Record (MBR)

    Description

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    Tags

    TTPs

    Bootkit
  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                  Privilege Escalation
                    Tasks

                    static1

                    Score
                    N/A