redline | aa6ca1da68b711a534cdae77c39382d6f020679a7ea56e1563bae1a3c9342d0f | Triage

Submit
Reports

Overview

overview

Static

static

1

aa6ca1da68...0f.exe

windows7-x64

aa6ca1da68...0f.exe

windows10-2004-x64

Sharing

General

Target

aa6ca1da68b711a534cdae77c39382d6f020679a7ea56e1563bae1a3c9342d0f
Size

720KB
Sample

250204-ys5qxazmbv
MD5

c39dc176515df061ae18dac5290a421b
SHA1

9a40112771df95fd291b3c655200f4526f1b681a
SHA256

aa6ca1da68b711a534cdae77c39382d6f020679a7ea56e1563bae1a3c9342d0f
SHA512

67cef282c93324d5c57d9635415af6721b79b0b2b9ccc1fdda618c2287c78448732378b788452cdc2b8abb592eafc9fac71922c60aae105c311a3e59ab2c1987
SSDEEP

12288:EsZjDQffIkegET9jsIBMNjnNNOhAe/S0JiD2trLwYckJ2U02abFTxJlO6VVUF0mW:NgoTsIBMNjnNNOhAe/S0JU2Z9J9mzlOs

Score

10^/10

redline news defense_evasion discovery infostealer

Static task

static1

Behavioral task

behavioral1

Sample

aa6ca1da68b711a534cdae77c39382d6f020679a7ea56e1563bae1a3c9342d0f.exe

Resource

win7-20240903-en

redline news defense_evasion discovery infostealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

aa6ca1da68b711a534cdae77c39382d6f020679a7ea56e1563bae1a3c9342d0f.exe

Resource

win10v2004-20250129-en

redline news defense_evasion discovery infostealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

news

C2

45.144.28.250:26912

Attributes

auth_value
e61921786ce9e1a6b356c82b24803f6d

Targets

- Target
  
  aa6ca1da68b711a534cdae77c39382d6f020679a7ea56e1563bae1a3c9342d0f
- Size
  
  720KB
- MD5
  
  c39dc176515df061ae18dac5290a421b
- SHA1
  
  9a40112771df95fd291b3c655200f4526f1b681a
- SHA256
  
  aa6ca1da68b711a534cdae77c39382d6f020679a7ea56e1563bae1a3c9342d0f
- SHA512
  
  67cef282c93324d5c57d9635415af6721b79b0b2b9ccc1fdda618c2287c78448732378b788452cdc2b8abb592eafc9fac71922c60aae105c311a3e59ab2c1987
- SSDEEP
  
  12288:EsZjDQffIkegET9jsIBMNjnNNOhAe/S0JiD2trLwYckJ2U02abFTxJlO6VVUF0mW:NgoTsIBMNjnNNOhAe/S0JU2Z9J9mzlOs
Score

10^/10

redline news defense_evasion discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Looks for VirtualBox Guest Additions in registry
  defense_evasion
- Looks for VMWare Tools registry key
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinenewsdefense_evasiondiscoveryinfostealer

behavioral2

redlinenewsdefense_evasiondiscoveryinfostealer

© 2018-2025

Terms | Privacy