General
-
Target
b606c698227da52d362ae1115f8f5e437f9eae989e4a19ec59e82a55a7791867
-
Size
697KB
-
Sample
230328-mnd7lscb8v
-
MD5
de9d0e8903fa5069aca9fbe4cb32057d
-
SHA1
bc19f48f4879d35846b0b39369cb593f5b6dcfb1
-
SHA256
b606c698227da52d362ae1115f8f5e437f9eae989e4a19ec59e82a55a7791867
-
SHA512
efba32b16a7abda397c9cdbbddb6aabcb01fc4ac38d887b1b77d30cd59a8d24466a3cdd6e27f065147d343829bf474278f75501a2bef8ccfdf43580aa9f83acf
-
SSDEEP
12288:LMrpy90CdIfay4G6XwzuIdDo9sewe3BL6olGjuAxI9gThcZx/:yySGXwz493rGjDI9oEZ
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
muse
176.113.115.145:4125
-
auth_value
b91988a63a24940038d9262827a5320c
Targets
-
-
Target
b606c698227da52d362ae1115f8f5e437f9eae989e4a19ec59e82a55a7791867
-
Size
697KB
-
MD5
de9d0e8903fa5069aca9fbe4cb32057d
-
SHA1
bc19f48f4879d35846b0b39369cb593f5b6dcfb1
-
SHA256
b606c698227da52d362ae1115f8f5e437f9eae989e4a19ec59e82a55a7791867
-
SHA512
efba32b16a7abda397c9cdbbddb6aabcb01fc4ac38d887b1b77d30cd59a8d24466a3cdd6e27f065147d343829bf474278f75501a2bef8ccfdf43580aa9f83acf
-
SSDEEP
12288:LMrpy90CdIfay4G6XwzuIdDo9sewe3BL6olGjuAxI9gThcZx/:yySGXwz493rGjDI9oEZ
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-