General
-
Target
9d96632ad4ea5d918bc15120e33afa90dc576db08d3eeedac3879da46170e18c
-
Size
689KB
-
Sample
230328-ff3fxaag7w
-
MD5
74aaead1c8dd7c6500cc558a72f69e7d
-
SHA1
ebd653a3d6fd37abd1467704bfa6748cafbd152e
-
SHA256
9d96632ad4ea5d918bc15120e33afa90dc576db08d3eeedac3879da46170e18c
-
SHA512
3abc3f5e462713cd873c36ed3ad028dd1117e78ede19de5b23da276de9e78631533b2ad7d843d48d308652aad8e31b9dc992ac69777ef6687981bcb11793a9a9
-
SSDEEP
12288:5Mruy90wdkETVrnXbp2yKmyt65hLu2usMSKI3VgS7vvmFnwfigRA5/H9T3Dt:vyMKkgfaTsLZ3VgwvinwagA/Hp5
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
9d96632ad4ea5d918bc15120e33afa90dc576db08d3eeedac3879da46170e18c
-
Size
689KB
-
MD5
74aaead1c8dd7c6500cc558a72f69e7d
-
SHA1
ebd653a3d6fd37abd1467704bfa6748cafbd152e
-
SHA256
9d96632ad4ea5d918bc15120e33afa90dc576db08d3eeedac3879da46170e18c
-
SHA512
3abc3f5e462713cd873c36ed3ad028dd1117e78ede19de5b23da276de9e78631533b2ad7d843d48d308652aad8e31b9dc992ac69777ef6687981bcb11793a9a9
-
SSDEEP
12288:5Mruy90wdkETVrnXbp2yKmyt65hLu2usMSKI3VgS7vvmFnwfigRA5/H9T3Dt:vyMKkgfaTsLZ3VgwvinwagA/Hp5
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-