General
-
Target
file.exe
-
Size
192KB
-
Sample
230202-2v37msbh8s
-
MD5
25035abb52d2f2fb5d2ccf3970b28d4e
-
SHA1
1755cd24d3a627032c996a5187058d800bafe9c8
-
SHA256
b9b662268799479031a208b0d144559da6fe242a94b3329fc5b31d66f77900bf
-
SHA512
14c5bebdd62fcad74c41fee2811ce3917dc6ba9bbdb3c0707f6d14618343f951a25abdb54dfd4c07b3545cefe8b336a835db99a4bf94097ea1dea56ba5819580
-
SSDEEP
3072:gOhX0N7+f1y5GWp1icKAArDZz4N9GhbkrNEk1ssR84+aX5DD0Wv7VdcX07/:lhEN7+Op0yN90QEDs+9y7L/
Malware Config
Extracted
redline
france
193.233.20.5:4136
-
auth_value
827023aa27bcc1cc2382e4d111feec6f
Targets
-
-
Target
file.exe
-
Size
192KB
-
MD5
25035abb52d2f2fb5d2ccf3970b28d4e
-
SHA1
1755cd24d3a627032c996a5187058d800bafe9c8
-
SHA256
b9b662268799479031a208b0d144559da6fe242a94b3329fc5b31d66f77900bf
-
SHA512
14c5bebdd62fcad74c41fee2811ce3917dc6ba9bbdb3c0707f6d14618343f951a25abdb54dfd4c07b3545cefe8b336a835db99a4bf94097ea1dea56ba5819580
-
SSDEEP
3072:gOhX0N7+f1y5GWp1icKAArDZz4N9GhbkrNEk1ssR84+aX5DD0Wv7VdcX07/:lhEN7+Op0yN90QEDs+9y7L/
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-