General
-
Target
a954f8539f126f5945385c742ee49b732d6319d59e265b3bb7c645e17f341244
-
Size
1.1MB
-
Sample
230514-vdbyhace43
-
MD5
c24d8c1cb3663b8aa28b0ef400be93b4
-
SHA1
b1153145ddbef225fcd7371062e3935bdaa4c112
-
SHA256
a954f8539f126f5945385c742ee49b732d6319d59e265b3bb7c645e17f341244
-
SHA512
cc55997da02be416b7751fbdce76ab0252515ed6b5cd3a1ecea05e6e0b616fe2a0e2e0980fe464e88685843997303dfb184c495752000a03047e69ee13e6d5a9
-
SSDEEP
24576:QyJ0Nb6A20Z48prrQQAGB7GY+fUqMZ9zB81wl8WbVT:XKNbDq8pQSx+cqAV8SB
Malware Config
Extracted
redline
larry
185.161.248.75:4132
-
auth_value
9039557bb7a08f5f2f60e2b71e1dee0e
Extracted
redline
warum
185.161.248.75:4132
-
auth_value
0bdb2dda91dadc65f555dee088a6a2a4
Targets
-
-
Target
a954f8539f126f5945385c742ee49b732d6319d59e265b3bb7c645e17f341244
-
Size
1.1MB
-
MD5
c24d8c1cb3663b8aa28b0ef400be93b4
-
SHA1
b1153145ddbef225fcd7371062e3935bdaa4c112
-
SHA256
a954f8539f126f5945385c742ee49b732d6319d59e265b3bb7c645e17f341244
-
SHA512
cc55997da02be416b7751fbdce76ab0252515ed6b5cd3a1ecea05e6e0b616fe2a0e2e0980fe464e88685843997303dfb184c495752000a03047e69ee13e6d5a9
-
SSDEEP
24576:QyJ0Nb6A20Z48prrQQAGB7GY+fUqMZ9zB81wl8WbVT:XKNbDq8pQSx+cqAV8SB
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-