redline | 7c1eb990bf6a1ff00077e1a0bc1dcb01f6494a07686b0c14f46c2ae47863e943 | Triage

Resubmissions

06/01/2023, 02:05

230106-ch3b5she9z 10

06/01/2023, 01:49

230106-b82b4ahe7w 10

Sharing

General

Target

a4pr_Рекламные матереалы34.rar
Size

6.0MB
Sample

230106-b82b4ahe7w
MD5

ae12d6adbe05fbebfe3c5b5a505fdc57
SHA1

a04d79a9894490f4f410b63edbdf8c5e24b38a72
SHA256

7c1eb990bf6a1ff00077e1a0bc1dcb01f6494a07686b0c14f46c2ae47863e943
SHA512

e4796be52de67470852ec4403726410a9a85c3008e98f63de52b171b9ded01c507e388ae47545ed7b233bc832b75d3f45240baf2f3ea69bc2bfce90e73f6dd49
SSDEEP

98304:kZ3w3qix+8ElhwXqt1a1XEM8vRWdMGs+I3oWXEL4iAaiuwNlv7/OUWCi:TqHHwXqna1UdXb+I3oWXw2aint7GUWD

Score

10^/10

redline 16 evasion infostealer trojan

Malware Config

Extracted

Family

redline

Botnet

16

C2

46.3.199.69:21581

Attributes

auth_value
2d39c11f320a5db0b4d6863a9e41919c

Targets

- Target
  
  34 рекламные материалы, тз .exe
- Size
  
  763.8MB
- MD5
  
  3be1c69b41af83d371a3c7ec53b594d3
- SHA1
  
  3c28537f0c0ff9b45d5bf8085f31d3da91eea8e3
- SHA256
  
  8311d74ee56baf34698abfed0c71f36f73502ad6be7a2b4459bf771767ab32f2
- SHA512
  
  11f93d40514059d252634ec30ed76d72ea4c3fbecb3b0f17396f971bc921583331ef6fdcf2e6e218b3d4c6be786f60f12f2a9a1397a30a2125abf0c06c4fd5de
- SSDEEP
  
  196608:zsHz+H8822i22r2222+41nuwPrR93uL17B7IWvlp0yF/wu3DqBub7mt:f8822i22r2222+GuwP1telhFHzvm
Score

10^/10

redline 16 evasion infostealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Uses the VBS compiler for execution
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline16evasioninfostealertrojan

behavioral2

redline16evasioninfostealertrojan