General
-
Target
efd50843b55b447687120bfbf56269821244d793d99f0cb7370420700136dbf9
-
Size
850KB
-
Sample
230319-cq3mwaee48
-
MD5
24feefae3c25202967f4a67502206896
-
SHA1
917f3c806ca535675696e2ddee6052577693c4f6
-
SHA256
efd50843b55b447687120bfbf56269821244d793d99f0cb7370420700136dbf9
-
SHA512
fb5626f527e7a8c30e344d56eeb6f0b30bc42642927e0df43500e62297873a75a5eb78c207da87dd340879cc33fb229625ffe289f1c69619ce9d878b2e6bff5e
-
SSDEEP
12288:DMroy90a3taECiLAf6PTIiD8ghhz/zXXGNwFZwyoF/T6c2nrR+SjscW/:3yx0EJBIiD8+GMZL+/ecwRK
Malware Config
Extracted
redline
gena
193.233.20.30:4125
-
auth_value
93c20961cb6b06b2d5781c212db6201e
Extracted
redline
ruka
193.233.20.28:4125
-
auth_value
5d1d0e51ebe1e3f16cca573ff651c43c
Targets
-
-
Target
efd50843b55b447687120bfbf56269821244d793d99f0cb7370420700136dbf9
-
Size
850KB
-
MD5
24feefae3c25202967f4a67502206896
-
SHA1
917f3c806ca535675696e2ddee6052577693c4f6
-
SHA256
efd50843b55b447687120bfbf56269821244d793d99f0cb7370420700136dbf9
-
SHA512
fb5626f527e7a8c30e344d56eeb6f0b30bc42642927e0df43500e62297873a75a5eb78c207da87dd340879cc33fb229625ffe289f1c69619ce9d878b2e6bff5e
-
SSDEEP
12288:DMroy90a3taECiLAf6PTIiD8ghhz/zXXGNwFZwyoF/T6c2nrR+SjscW/:3yx0EJBIiD8+GMZL+/ecwRK
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Matrix
Collection
Data from Local System
2Command and Control
Credential Access
Credentials in Files
2Discovery
Query Registry
1Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation