General
-
Target
10f28b1aeb1250415aed725bbc75f33cc78fceaca568cd6500ba7053c492d228
-
Size
672KB
-
Sample
230331-zyw7dsdd85
-
MD5
2c5f6b40737c43a93c5cc192f88282e1
-
SHA1
2774ac375b3906f064c70b7dd51b09d646eafca4
-
SHA256
10f28b1aeb1250415aed725bbc75f33cc78fceaca568cd6500ba7053c492d228
-
SHA512
b7b4fc2c5724f57bc9d7b8be4a2809c8512b5e7f06f6c4ab4a43da323a682c46f19aabaa9b796c98e97e265b9284910856eddc4184e077cab289a0a36c0fb882
-
SSDEEP
12288:IMrsy90RT9tM4bU5rWrsRa2pjHl8d0z43LqsjEoeP9ftK:kyK04bU5rWr6vGOz43GswoeP9f8
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
spora
176.113.115.145:4125
-
auth_value
441b39ab37774b2ca9931c31e1bc6071
Targets
-
-
Target
10f28b1aeb1250415aed725bbc75f33cc78fceaca568cd6500ba7053c492d228
-
Size
672KB
-
MD5
2c5f6b40737c43a93c5cc192f88282e1
-
SHA1
2774ac375b3906f064c70b7dd51b09d646eafca4
-
SHA256
10f28b1aeb1250415aed725bbc75f33cc78fceaca568cd6500ba7053c492d228
-
SHA512
b7b4fc2c5724f57bc9d7b8be4a2809c8512b5e7f06f6c4ab4a43da323a682c46f19aabaa9b796c98e97e265b9284910856eddc4184e077cab289a0a36c0fb882
-
SSDEEP
12288:IMrsy90RT9tM4bU5rWrsRa2pjHl8d0z43LqsjEoeP9ftK:kyK04bU5rWr6vGOz43GswoeP9f8
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-