General
Static task
static1
URLScan task
urlscan1
Malware Config
Extracted
Family
redline
Botnet
1488
C2
46.21.250.111:65367
Attributes
-
auth_value
e1f55d6c61f97af563fc8c06a2c97666
Targets
-
-
Target
https://telegra.ph/VALORANT-HACK-07-07-2
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-