General

  • Target

    24aa9916ffc0c7a62ae9eaf5131a6bba469568bf

  • Size

    6.3MB

  • Sample

    241109-g4z65azbkr

  • MD5

    8fdf03a9d6ad1b0980736fecea679452

  • SHA1

    24aa9916ffc0c7a62ae9eaf5131a6bba469568bf

  • SHA256

    da4857cd0ffbebdd106ac29c7235691b4be05d9606ce5ec73200a66160a65ae3

  • SHA512

    20cad91b57b09661591571e58ccf8eb7f3edd890607c1424379a42b17f9ef118d87d47dd46b5f0197e9f03be82805274322b8c0ecb6db78938067f416cb9a343

  • SSDEEP

    196608:F5KPulmV3d56bMNHoY1J2kYi0hOlbNpcZNd:SGsVK5MYtONjcZP

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @s1ker777

  • C2

    193.106.191.160:8673

  • Attributes

    auth_value: dd3766491228ea046e9f9c737284a176

Targets

    • Target

      a31c586f16980f56ec1d6b587804cb24.exe.vir

    • Size

      740.7MB

    • MD5

      a31c586f16980f56ec1d6b587804cb24

    • SHA1

      0c2a375217632b388b19f846a668eb293d1d40c3

    • SHA256

      8db63e77c99f5e2a1ab4cebf5c02344954c6ffcac712ff86e61a3f1fd098f4a1

    • SHA512

      86444306251a07d771c09d0ce05a66770cabc5ef410aa15b576a4b27ddbee579c88f336cb728513d316cd7a52679b8770e6e316eb92feed76e7b7c6ff1271314

    • SSDEEP

      393216:Z999999999999999999999999999/DTOtJepmVCLi+:78JepMCJ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks