General
- Target: 92d441da5b416f6567e3adde31e06aa9e49d777f2513b6680a5ee467fa9afa1c
- Size: 538KB
- Sample: 230324-k1lq4sfd7x
- MD5: 0aee1cd46f8506221b86eabccd9ac952
- SHA1: ea0aa8306a98c4fd3016410038f59ac30a2b7cd6
- SHA256: 92d441da5b416f6567e3adde31e06aa9e49d777f2513b6680a5ee467fa9afa1c
- SHA512: 94facaeb87c5968429a3e2c453e7444ec0fcaff0a78ab2f89a9f2ac37c03ff6c3ae596c3a5d779ae7b2da5d10c3e3a96121543a5cb6cf1bf537cc40437388a59
- SSDEEP: 12288:HMr2y90g3bvO//xQd6oJgMUZifiYYx0I4+VWYviHw5MS:pyxbvOBQQaghZoiYIRQiiHw51
Static task: static1
Behavioral task: behavioral1
- Sample: 92d441da5b416f6567e3adde31e06aa9e49d777f2513b6680a5ee467fa9afa1c.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline (down)
- 193.233.20.31:4125
- auth_value: 12c31a90c72f5efae8c053a0bd339381
Extracted: redline (hero)
- 193.233.20.31:4125
- auth_value: 11f3c75a88ca461bcc8d6bf60a1193e3
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.