General

  • Target: 53f48c5691d5624fbae75822425af2e7a40e1164f7bee1a450fa4ddb0a3fd95b
  • Size: 1.4MB
  • Sample: 241104-zj8xmszkck
  • MD5: 42777b129a7ac23533e2f2395b0b6ce5
  • SHA1: 39bd402b6e443f1e4428a2cd3df3ce14aee29077
  • SHA256: 53f48c5691d5624fbae75822425af2e7a40e1164f7bee1a450fa4ddb0a3fd95b
  • SHA512: aee3343fdb73d07f4fa18725402c69dc885904171c9b821d63f3c9edc5ef99367334f1e39aa9b8f5f66569335f418942ea5401de5eebc6d10a9c0103c7be99db
  • SSDEEP: 24576:YVs/786BMc3Hpy+fNymQ6QFw5fgTn0jHkom2KaN4/Epocc9UV5fFEgf8boorkEac:Yy786Bd3HgwydsIAjH/mlaC3cc9UVNFo

Malware Config

Extracted

  • Family: redline
  • C2: saninolece.xyz:80
  • Attributes
    • auth_value: 9b143aa40fe6c853e0ddebdf496de748

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks