General
-
Target
005246f6e658ffe0a40c332315f6d49eaef689cacbfdbf3b8a75e8342fa719cb.bin
-
Size
560KB
-
Sample
230311-25w63sbg65
-
MD5
06be466217b8384774b1898400dc3892
-
SHA1
8726a74c5aaff8da9de16edf17179f083ea374ff
-
SHA256
005246f6e658ffe0a40c332315f6d49eaef689cacbfdbf3b8a75e8342fa719cb
-
SHA512
7d415286013ff840b06a142219a66c1a10613e2738ce91aa01b9dcd41c86c6697ae16c7d7e1fdd79e81e2fc0986bb8f119c1e66f22a2ddeac7858fa00a10657c
-
SSDEEP
12288:pMryy90rG08j5kt0S+GtEsHlbCUFMVGKT/JL4UncZdP5HNf1q:7y478j65Hl+UFM7LVE5tQ
Malware Config
Extracted
redline
fud
193.233.20.27:4123
-
auth_value
cddc991efd6918ad5321d80dac884b40
Targets
-
-
Target
005246f6e658ffe0a40c332315f6d49eaef689cacbfdbf3b8a75e8342fa719cb.bin
-
Size
560KB
-
MD5
06be466217b8384774b1898400dc3892
-
SHA1
8726a74c5aaff8da9de16edf17179f083ea374ff
-
SHA256
005246f6e658ffe0a40c332315f6d49eaef689cacbfdbf3b8a75e8342fa719cb
-
SHA512
7d415286013ff840b06a142219a66c1a10613e2738ce91aa01b9dcd41c86c6697ae16c7d7e1fdd79e81e2fc0986bb8f119c1e66f22a2ddeac7858fa00a10657c
-
SSDEEP
12288:pMryy90rG08j5kt0S+GtEsHlbCUFMVGKT/JL4UncZdP5HNf1q:7y478j65Hl+UFM7LVE5tQ
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-