General
Static task
static1
URLScan task
urlscan1
Malware Config
Extracted
Family
redline
Botnet
mal0y
C2
46.21.250.111:65367
Attributes
-
auth_value
0d686591760ebde10581ed35301311d1
Targets
-
-
Target
https://telegra.ph/CS-GO-CHANGER-June-06-22
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-