General
-
Target
36c21c81577ce3b5977ecedac15b6070.exe
-
Size
556KB
-
Sample
230325-jwjkhsdh7w
-
MD5
36c21c81577ce3b5977ecedac15b6070
-
SHA1
6338cf262bb5c2c1a705f34a9d7b4aa42bbb7169
-
SHA256
c20988d5e429617c0ef0816e7a7743b0d8d4f3faec4b9b272747b86b4bc2299d
-
SHA512
11bcca63b2f97c971d9715bfc8f9232c861ec155f67ec4e3d27aeb9679f2de3daa0be091877f3c95e7efd6ef4ab1ac7c10eb31069ff1f70c968c77d0b5606408
-
SSDEEP
12288:/Mrmy90JZ4CqpX5aV9TmgBkw+aiNfg80EDHj1adtYJILC8U:1y24NppY91ifhyC8U
Malware Config
Extracted
redline
boris
193.233.20.32:4125
-
auth_value
766b5bdf6dbefcf7ca223351952fc38f
Extracted
redline
lida
193.233.20.32:4125
-
auth_value
24052aa2e9b85984a98d80cf08623e8d
Targets
-
-
Target
36c21c81577ce3b5977ecedac15b6070.exe
-
Size
556KB
-
MD5
36c21c81577ce3b5977ecedac15b6070
-
SHA1
6338cf262bb5c2c1a705f34a9d7b4aa42bbb7169
-
SHA256
c20988d5e429617c0ef0816e7a7743b0d8d4f3faec4b9b272747b86b4bc2299d
-
SHA512
11bcca63b2f97c971d9715bfc8f9232c861ec155f67ec4e3d27aeb9679f2de3daa0be091877f3c95e7efd6ef4ab1ac7c10eb31069ff1f70c968c77d0b5606408
-
SSDEEP
12288:/Mrmy90JZ4CqpX5aV9TmgBkw+aiNfg80EDHj1adtYJILC8U:1y24NppY91ifhyC8U
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-