General
-
Target
https://telegra.ph/VALORANT-HACK-07-07-2
-
Sample
220707-vffz8sdfc2
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
1488
C2
46.21.250.111:65367
Attributes
-
auth_value
e1f55d6c61f97af563fc8c06a2c97666
Targets
-
-
Target
https://telegra.ph/VALORANT-HACK-07-07-2
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-