General

  • Target

    54259854d6c513fd408a76b03e1d72f326d6c18527c7114358485e936b10353e

  • Size

    1.2MB

  • Sample

    230505-w2ke8ada65

  • MD5

    d5fb730b57b9c2ba513d4482384dea5b

  • SHA1

    d276dd4a87c0be18317ac7ce531f72bd7a8eeedd

  • SHA256

    54259854d6c513fd408a76b03e1d72f326d6c18527c7114358485e936b10353e

  • SHA512

    cf57397b2de119b9be32ca922b72d12fd68ef5113fe80a44af2edf15831a956233949474026998903a89f8c3c275345ee5c2f59ba4d93c61bbdf387ed9ec4b40

  • SSDEEP

    24576:3yn2smzBd1f8LQesIpt5QWUUFvpphY9rBC18iDCMVQe4hMHaQ1o:C2smzBd1fqhvQWUUHIrBC1th4hMHa

Malware Config

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar items.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks