General
-
Target
0c5f02df901ec77dd5c0cbf72d874aef85d61c7ada05fdceb6cc5e2adccad2a3
-
Size
538KB
-
Sample
230324-lxedasde49
-
MD5
c38b9592825fc057b21923ac2fc81092
-
SHA1
efc2570e20a023e0c424860056abe81ab2c898c2
-
SHA256
0c5f02df901ec77dd5c0cbf72d874aef85d61c7ada05fdceb6cc5e2adccad2a3
-
SHA512
b538392f76d3581e42c8bf9aab25829e115ab3c76b8480147e5058f47cc7174ffa5debea377416036322b1a6f5176b3b1ce6b2b3c1ca58a2c2a75f61b011fdf0
-
SSDEEP
12288:2Mrzy90S/dkxeI+sEU0tj+gBwfuYmxqI4+YVCr//4vp50c:Jy7/da4rUclBKuYmDgO4n0c
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
hero
193.233.20.31:4125
-
auth_value
11f3c75a88ca461bcc8d6bf60a1193e3
Targets
-
-
Target
0c5f02df901ec77dd5c0cbf72d874aef85d61c7ada05fdceb6cc5e2adccad2a3
-
Size
538KB
-
MD5
c38b9592825fc057b21923ac2fc81092
-
SHA1
efc2570e20a023e0c424860056abe81ab2c898c2
-
SHA256
0c5f02df901ec77dd5c0cbf72d874aef85d61c7ada05fdceb6cc5e2adccad2a3
-
SHA512
b538392f76d3581e42c8bf9aab25829e115ab3c76b8480147e5058f47cc7174ffa5debea377416036322b1a6f5176b3b1ce6b2b3c1ca58a2c2a75f61b011fdf0
-
SSDEEP
12288:2Mrzy90S/dkxeI+sEU0tj+gBwfuYmxqI4+YVCr//4vp50c:Jy7/da4rUclBKuYmDgO4n0c
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-