General

  • Target

    52b848abe5f067ac4822925b859d8f58cd416a3ec8dd6457aaafae794632ba1c

  • Size

    1.4MB

  • Sample

    220717-ckf7pabfc8

  • MD5

    b630bd574756df49465fe6d7fb41e7d3

  • SHA1

    628dd252c4a5e611093e722166e65c1d9ca55a80

  • SHA256

    52b848abe5f067ac4822925b859d8f58cd416a3ec8dd6457aaafae794632ba1c

  • SHA512

    e1b10edc631ff4650bc6a930e8ac30e9c02197997a22ce84e905d3c1a77e0bdb18afa78236a6e5840bf23cd1723920dd1aad96abea2a3afdf6aca2a82d10524d

Malware Config

Extracted

Family

redline

Botnet

@JABKA9983

C2

92.255.85.137:41320

Attributes
  • auth_value

    507a0c408947972b94cf44475f601269

Targets

    • Target

      52b848abe5f067ac4822925b859d8f58cd416a3ec8dd6457aaafae794632ba1c

    • Size

      1.4MB

    • MD5

      b630bd574756df49465fe6d7fb41e7d3

    • SHA1

      628dd252c4a5e611093e722166e65c1d9ca55a80

    • SHA256

      52b848abe5f067ac4822925b859d8f58cd416a3ec8dd6457aaafae794632ba1c

    • SHA512

      e1b10edc631ff4650bc6a930e8ac30e9c02197997a22ce84e905d3c1a77e0bdb18afa78236a6e5840bf23cd1723920dd1aad96abea2a3afdf6aca2a82d10524d

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox exposes its ACPI tables under HKLM\HARDWARE\ACPI with the OEM ID "VBOX__" as the subkey name; reading those keys is a cheap hypervisor check.

    • Checks BIOS information in registry

      BIOS strings (SystemBiosVersion, VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) are often read in order to detect sandboxing environments, since hypervisors leave their name in them.

    • Checks whether UAC is enabled

      Read from the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the registers of a (usually suspended) thread and is the standard way to redirect execution into an injected image, as in process hollowing; together with the "RedLine payload" match this is consistent with a packed loader handing off to the extracted payload.
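The two registry-based sandbox checks flagged above are easy to model. The following is an added example (not code from the report, from Tria.ge, or from the sample) that reproduces them over a constructed in-memory registry snapshot so it runs on any OS: it looks for the "VBOX__" OEM ID under the ACPI DSDT/FADT/RSDT keys and for VirtualBox markers in the BIOS version strings. The class and function names and both sample snapshots are this example's own construction.

```python
"""Anti-VM registry checks of the kind this report flags, modelled offline.

Added example, not from the report or the sample. Paths are the well-known
VirtualBox artifacts:
  HKLM\\HARDWARE\\ACPI\\{DSDT,FADT,RSDT}\\VBOX__          (OEM ID as subkey)
  HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion  (and VideoBiosVersion)
"""
from __future__ import annotations

from dataclasses import dataclass, field

# ACPI tables whose OEM ID appears as a subkey name; VirtualBox writes "VBOX__".
ACPI_TABLE_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT",
    r"HKLM\HARDWARE\ACPI\FADT",
    r"HKLM\HARDWARE\ACPI\RSDT",
)
VBOX_OEM_ID = "VBOX__"

# BIOS strings that embed the hypervisor name.
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = ("SystemBiosVersion", "VideoBiosVersion")
VBOX_BIOS_MARKERS = ("VBOX", "VIRTUALBOX")


@dataclass
class RegistrySnapshot:
    """Constructed stand-in for the live registry: key path -> {value: data}.
    A subkey with no values is an empty dict. Lookups are case-insensitive,
    as on Windows."""
    keys: dict[str, dict[str, str]] = field(default_factory=dict)

    def _find(self, path: str) -> dict[str, str] | None:
        wanted = path.lower()
        for k, values in self.keys.items():
            if k.lower() == wanted:
                return values
        return None

    def key_exists(self, path: str) -> bool:
        return self._find(path) is not None

    def value(self, path: str, name: str) -> str | None:
        values = self._find(path)
        if values is None:
            return None
        for n, data in values.items():
            if n.lower() == name.lower():
                return data
        return None


def acpi_oem_check(reg: RegistrySnapshot) -> list[str]:
    """'Identifies VirtualBox via ACPI registry values': VBOX__ subkeys present."""
    return [
        f"{table}\\{VBOX_OEM_ID} exists"
        for table in ACPI_TABLE_KEYS
        if reg.key_exists(f"{table}\\{VBOX_OEM_ID}")
    ]


def bios_string_check(reg: RegistrySnapshot) -> list[str]:
    """'Checks BIOS information in registry': hypervisor name inside BIOS strings."""
    findings: list[str] = []
    for name in BIOS_VALUES:
        data = reg.value(BIOS_KEY, name)
        if data is None:
            continue
        upper = data.upper()
        for marker in VBOX_BIOS_MARKERS:
            if marker in upper:
                findings.append(f"{name} contains {marker!r}: {data}")
                break  # one finding per value is enough
    return findings


def detect_virtualbox(reg: RegistrySnapshot) -> dict[str, object]:
    """Combine both checks the way an anti-VM stub does: any hit means 'sandbox'."""
    evidence = acpi_oem_check(reg) + bios_string_check(reg)
    return {"is_vm": bool(evidence), "evidence": evidence}


# Constructed sample snapshots (not captured from any real host).
PHYSICAL_HOST = RegistrySnapshot({
    r"HKLM\HARDWARE\ACPI\DSDT\DELL__": {},
    r"HKLM\HARDWARE\ACPI\FADT\DELL__": {},
    r"HKLM\HARDWARE\ACPI\RSDT\DELL__": {},
    BIOS_KEY: {"SystemBiosVersion": "DELL   - 1072009",
               "VideoBiosVersion": "Intel Video BIOS"},
})

VIRTUALBOX_GUEST = RegistrySnapshot({
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__": {},
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__": {},
    BIOS_KEY: {"SystemBiosVersion": "VBOX   - 1",
               "VideoBiosVersion": "Oracle VM VirtualBox Version 6.1.34 - VBE 3.0"},
})


if __name__ == "__main__":
    for label, snap in (("physical", PHYSICAL_HOST), ("virtualbox", VIRTUALBOX_GUEST)):
        result = detect_virtualbox(snap)
        print(f"{label}: is_vm={result['is_vm']}")
        for line in result["evidence"]:
            print("   ", line)
```

For a sandbox operator the useful output is the evidence list: every entry names a key or value that the guest must have patched (OEM IDs and DMI/BIOS strings changed in the hypervisor configuration) before a RedLine loader with these checks will run to the payload stage.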

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Virtualization/Sandbox Evasion (T1497), 1 matching signature

Discovery

  • Query Registry (T1012), 2 matching signatures

  • Virtualization/Sandbox Evasion (T1497), 1 matching signature

  • System Information Discovery (T1082), 2 matching signatures
