redline | 4a5a06285aa0ca763229078bfd26a081ed8c41c90b4808155797dcbabbed4188 | Triage

Sharing

General

Target

4a5a06285aa0ca763229078bfd26a081ed8c41c90b4808155797dcbabbed4188.exe
Size

1.9MB
Sample

250201-dq66qs1nhv
MD5

c14acb469b8ab6888d9f221732ac9fd5
SHA1

fe32dd83b34b46e3a3d20ee4992b5a00b9f21b2b
SHA256

4a5a06285aa0ca763229078bfd26a081ed8c41c90b4808155797dcbabbed4188
SHA512

cf969a2680a14352de5c736a2e485f7b295ae44ebed59458ba7f988e6c1f3cc16e014c41b9f1433680af00c3547a0c032839b2b3e41693b4bc82c21c44d79eaf
SSDEEP

49152:rIZKmmqn9SQ3Og96W3hPy8oQn+3k31FX5WeoA:reKmmgSQ3b6WHgklFdoA

Score

10^/10

redline b197ffdef2ddc3308584dce7afa3661b defense_evasion discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

b197ffdef2ddc3308584dce7afa3661b

C2

45.145.42.103:1912

Targets

- Target
  
  4a5a06285aa0ca763229078bfd26a081ed8c41c90b4808155797dcbabbed4188.exe
- Size
  
  1.9MB
- MD5
  
  c14acb469b8ab6888d9f221732ac9fd5
- SHA1
  
  fe32dd83b34b46e3a3d20ee4992b5a00b9f21b2b
- SHA256
  
  4a5a06285aa0ca763229078bfd26a081ed8c41c90b4808155797dcbabbed4188
- SHA512
  
  cf969a2680a14352de5c736a2e485f7b295ae44ebed59458ba7f988e6c1f3cc16e014c41b9f1433680af00c3547a0c032839b2b3e41693b4bc82c21c44d79eaf
- SSDEEP
  
  49152:rIZKmmqn9SQ3Og96W3hPy8oQn+3k31FX5WeoA:reKmmgSQ3b6WHgklFdoA
Score

10^/10

redline b197ffdef2ddc3308584dce7afa3661b defense_evasion discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Redline family
  redline
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineb197ffdef2ddc3308584dce7afa3661bdefense_evasiondiscoveryinfostealer

behavioral2

redlineb197ffdef2ddc3308584dce7afa3661bdefense_evasiondiscoveryinfostealer