redline | c652a26bf55e37df20be2acde2bf62e689fe74b639399cf05c745b6e99bf300e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c652a26bf55e37df20be2acde2bf62e689fe74b639399cf05c745b6e99bf300e
Size

2.2MB
Sample

241108-ykzjxsxpaw
MD5

04a388c4eba299014229f1b9ad222bfa
SHA1

8abbbca7933753fc6735bf0ce54e60aeb6175290
SHA256

c652a26bf55e37df20be2acde2bf62e689fe74b639399cf05c745b6e99bf300e
SHA512

264a93b0b54adc89a07c72b0a3367f72fe8460052f8f8445001538b7babe3d60bc747422002ff7db3c9d77479f97f72ca21593e549e804b19e3b69d7c283860a
SSDEEP

24576:O2S7oUNCP2EnE8yi/ql/TM3eayHj03qEtAnXXrs2YHp9AzCAXEQ3x//1kvMaNzBl:2Dwci/ql7b3AqWr

Score

10^/10

redline new discovery evasion infostealer trojan

Malware Config

Extracted

Family

redline

Botnet

new

C2

librchichelpai.shop:81

rniwondunuifac.shop:81

Attributes

auth_value
0ae189161615f61e951d226417eab9d5

Targets

- Target
  
  c652a26bf55e37df20be2acde2bf62e689fe74b639399cf05c745b6e99bf300e
- Size
  
  2.2MB
- MD5
  
  04a388c4eba299014229f1b9ad222bfa
- SHA1
  
  8abbbca7933753fc6735bf0ce54e60aeb6175290
- SHA256
  
  c652a26bf55e37df20be2acde2bf62e689fe74b639399cf05c745b6e99bf300e
- SHA512
  
  264a93b0b54adc89a07c72b0a3367f72fe8460052f8f8445001538b7babe3d60bc747422002ff7db3c9d77479f97f72ca21593e549e804b19e3b69d7c283860a
- SSDEEP
  
  24576:O2S7oUNCP2EnE8yi/ql/TM3eayHj03qEtAnXXrs2YHp9AzCAXEQ3x//1kvMaNzBl:2Dwci/ql7b3AqWr
Score

10^/10

redline new discovery evasion infostealer trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinenewdiscoveryevasioninfostealertrojan

behavioral2

redlinenewdiscoveryevasioninfostealertrojan