General
-
Target
57f92c61023f11d24f6c0202eaab27346cc82394125bee8cc3bc6f6853701cdb
-
Size
851KB
-
Sample
230319-dehn1aef32
-
MD5
5d707370f7f0ff3f8694c431fbd2bf07
-
SHA1
5a68091f8d4149bec836e93966bdbe1941f51b24
-
SHA256
57f92c61023f11d24f6c0202eaab27346cc82394125bee8cc3bc6f6853701cdb
-
SHA512
492c84ee64f297a40d45d5024ad8e9338895f667d461f23a42fc9a19e4a7e673baef40b52e08d916c6e69c20109fe356dbbd4056279ae1d377a7b5ee21b94a68
-
SSDEEP
12288:uMrBy90383iX72hCcfM4xGcfMZyXJLptHElpXQpz65XyCsE7+SJTuiCfOrwt3J:TyZoShCaYHZqJLpJEbXQFglJ7oiCl3J
Malware Config
Extracted
redline
gena
193.233.20.30:4125
-
auth_value
93c20961cb6b06b2d5781c212db6201e
Extracted
redline
ruka
193.233.20.28:4125
-
auth_value
5d1d0e51ebe1e3f16cca573ff651c43c
Targets
-
-
Target
57f92c61023f11d24f6c0202eaab27346cc82394125bee8cc3bc6f6853701cdb
-
Size
851KB
-
MD5
5d707370f7f0ff3f8694c431fbd2bf07
-
SHA1
5a68091f8d4149bec836e93966bdbe1941f51b24
-
SHA256
57f92c61023f11d24f6c0202eaab27346cc82394125bee8cc3bc6f6853701cdb
-
SHA512
492c84ee64f297a40d45d5024ad8e9338895f667d461f23a42fc9a19e4a7e673baef40b52e08d916c6e69c20109fe356dbbd4056279ae1d377a7b5ee21b94a68
-
SSDEEP
12288:uMrBy90383iX72hCcfM4xGcfMZyXJLptHElpXQpz65XyCsE7+SJTuiCfOrwt3J:TyZoShCaYHZqJLpJEbXQFglJ7oiCl3J
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-