General
-
Target
8310f7b0bd2521e6a6fe2481634463f357410479bbaa59ae6bd42907b5ef4f9b
-
Size
680KB
-
Sample
230324-mcbmcafg3t
-
MD5
cb867393959da67e817379860852c759
-
SHA1
1b4ba6048497b85fc197cbf9d22bd5378d0cf1bc
-
SHA256
8310f7b0bd2521e6a6fe2481634463f357410479bbaa59ae6bd42907b5ef4f9b
-
SHA512
be37d83cfa2649d61f2457bc3521d0c69611067c1e39f49549bc6cc566d96356ac76ce001290725056a214cd74ede33b52f7b41e71d91fd129a2ea424b616aa1
-
SSDEEP
12288:Ad898Pwj8PtYzZcDw15fuFlAGHroV43S3OSWGAozw2XeSeTRn:AT08PtIsuup4IO6oz5VC1
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
hero
193.233.20.31:4125
-
auth_value
11f3c75a88ca461bcc8d6bf60a1193e3
Targets
-
-
Target
8310f7b0bd2521e6a6fe2481634463f357410479bbaa59ae6bd42907b5ef4f9b
-
Size
680KB
-
MD5
cb867393959da67e817379860852c759
-
SHA1
1b4ba6048497b85fc197cbf9d22bd5378d0cf1bc
-
SHA256
8310f7b0bd2521e6a6fe2481634463f357410479bbaa59ae6bd42907b5ef4f9b
-
SHA512
be37d83cfa2649d61f2457bc3521d0c69611067c1e39f49549bc6cc566d96356ac76ce001290725056a214cd74ede33b52f7b41e71d91fd129a2ea424b616aa1
-
SSDEEP
12288:Ad898Pwj8PtYzZcDw15fuFlAGHroV43S3OSWGAozw2XeSeTRn:AT08PtIsuup4IO6oz5VC1
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-