General
Target: a7078c3f66cdf1f42a59e3c44224928308db979145e0ab4e8c3e0229417dc939
Size: 701KB
Sample: 230327-3vfxsafh65
MD5: e77499d722fa8c2c6caf993a2712d995
SHA1: 53e802d5ed95135d9385913e63b44bcbf5729569
SHA256: a7078c3f66cdf1f42a59e3c44224928308db979145e0ab4e8c3e0229417dc939
SHA512: c4a58df8a1e055f7f4bdb17ab30e4f89dc2bb9c861e8a420d8e54f0e54a816fd097606231daf8d6c5ca91431a18582d681471b26d71e8117740b49533f96defd
SSDEEP: 12288:4Mrzy90Qloymvh4e00aJ20yiRl1ebhS0UqNZkCfSvmTX7Be/UajekuEC/5/aKqsg:7yfmyEVxA4izAb/kCfSKXo/Uoe1EC/A9
Static task: static1
Behavioral task: behavioral1
Sample: a7078c3f66cdf1f42a59e3c44224928308db979145e0ab4e8c3e0229417dc939.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline | rosn | 176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Extracted: redline | from | 176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566
Targets
Target: a7078c3f66cdf1f42a59e3c44224928308db979145e0ab4e8c3e0229417dc939 (701KB; MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to those listed under General above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.