General
-
Target
44c9cb0cb24e3219f3c0a67fb70bc29608f0fe12ba4645ecd01ccec75c7f0c02
-
Size
680KB
-
Sample
230324-mqn5lafg9y
-
MD5
d4c21248ee1de7b02e1d925e72c09344
-
SHA1
28567cb4e182945588fb3471488fc36920b7c332
-
SHA256
44c9cb0cb24e3219f3c0a67fb70bc29608f0fe12ba4645ecd01ccec75c7f0c02
-
SHA512
f1b5c41692805e1df8b9e97111a9f68341b97baa77b9d2b8cc1ad47e1c141d2da6ad25449eafcdf276b419db37b67f66b6ad4bdb0c236e026ec4118fc7847313
-
SSDEEP
12288:sd898Pwj8PtYzZcDw15fuFlAGHroV43S3OSWGAozw2XeSeTRn:sT08PtIsuup4IO6oz5VC1
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
hero
193.233.20.31:4125
-
auth_value
11f3c75a88ca461bcc8d6bf60a1193e3
Targets
-
-
Target
44c9cb0cb24e3219f3c0a67fb70bc29608f0fe12ba4645ecd01ccec75c7f0c02
-
Size
680KB
-
MD5
d4c21248ee1de7b02e1d925e72c09344
-
SHA1
28567cb4e182945588fb3471488fc36920b7c332
-
SHA256
44c9cb0cb24e3219f3c0a67fb70bc29608f0fe12ba4645ecd01ccec75c7f0c02
-
SHA512
f1b5c41692805e1df8b9e97111a9f68341b97baa77b9d2b8cc1ad47e1c141d2da6ad25449eafcdf276b419db37b67f66b6ad4bdb0c236e026ec4118fc7847313
-
SSDEEP
12288:sd898Pwj8PtYzZcDw15fuFlAGHroV43S3OSWGAozw2XeSeTRn:sT08PtIsuup4IO6oz5VC1
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-