General
-
Target
24ee425da20cf54caa459f2a560875f289d64f51a7481b21049cb6d068f60046
-
Size
1.1MB
-
Sample
230514-jw7x4sde3x
-
MD5
d0ab65e9404c413d4c30aaf35f739991
-
SHA1
aa6d35b763eea29b948b59b86bc6d82dc8d3a0d4
-
SHA256
24ee425da20cf54caa459f2a560875f289d64f51a7481b21049cb6d068f60046
-
SHA512
fec549f11f7eda0d379912f85ae61ed9d9601ae2af5fcdc5116aa2fbc687cdff70d602b8e48eb94dc1b9ef0f4444c1cb6e479b58a0b6e4d00577e203865c1d5f
-
SSDEEP
24576:cy+Gxj/wMZY16pEhNAPxm37F9pgBFgj2hSQV2ml9brgdB:L+u/vZg0aOI3xHga2hcg9
Malware Config
Extracted
redline
luka
185.161.248.75:4132
-
auth_value
44560bcd37d6bf076da309730fdb519a
Extracted
redline
terra
185.161.248.75:4132
-
auth_value
60df3f535f8aa4e264f78041983592d2
Targets
-
-
Target
24ee425da20cf54caa459f2a560875f289d64f51a7481b21049cb6d068f60046
-
Size
1.1MB
-
MD5
d0ab65e9404c413d4c30aaf35f739991
-
SHA1
aa6d35b763eea29b948b59b86bc6d82dc8d3a0d4
-
SHA256
24ee425da20cf54caa459f2a560875f289d64f51a7481b21049cb6d068f60046
-
SHA512
fec549f11f7eda0d379912f85ae61ed9d9601ae2af5fcdc5116aa2fbc687cdff70d602b8e48eb94dc1b9ef0f4444c1cb6e479b58a0b6e4d00577e203865c1d5f
-
SSDEEP
24576:cy+Gxj/wMZY16pEhNAPxm37F9pgBFgj2hSQV2ml9brgdB:L+u/vZg0aOI3xHga2hcg9
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-