General
-
Target
4bcc7fbfd0c76ac955452334538d09fe4f64b3d19369991c5e1eef209619c99a
-
Size
1011KB
-
Sample
230324-ntc26sgb31
-
MD5
94cc7ca058f0b33c9496a6de7650beda
-
SHA1
23bcc7fa3bf698edf5e26f41a8f22646039eb1a9
-
SHA256
4bcc7fbfd0c76ac955452334538d09fe4f64b3d19369991c5e1eef209619c99a
-
SHA512
17cebbc051705eb6f1b1a90ca8a9bf7ccbd8c6ce9d8b4e62cd961c6ef8c0b1b237a5896e2bcba1c8926df2f1265bc3864a90e1f8162330126bbb46c2a7668279
-
SSDEEP
24576:JyVIW200fzL3eE5SVKpKtHe7C8NsNs14kLdeaXd+yuxWIkXp7L:88LoVuKACGsNs1VLkat+yWWd
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Targets
-
-
Target
4bcc7fbfd0c76ac955452334538d09fe4f64b3d19369991c5e1eef209619c99a
-
Size
1011KB
-
MD5
94cc7ca058f0b33c9496a6de7650beda
-
SHA1
23bcc7fa3bf698edf5e26f41a8f22646039eb1a9
-
SHA256
4bcc7fbfd0c76ac955452334538d09fe4f64b3d19369991c5e1eef209619c99a
-
SHA512
17cebbc051705eb6f1b1a90ca8a9bf7ccbd8c6ce9d8b4e62cd961c6ef8c0b1b237a5896e2bcba1c8926df2f1265bc3864a90e1f8162330126bbb46c2a7668279
-
SSDEEP
24576:JyVIW200fzL3eE5SVKpKtHe7C8NsNs14kLdeaXd+yuxWIkXp7L:88LoVuKACGsNs1VLkat+yWWd
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-