General
-
Target
d189e78e425b8e174dae2982f2d7c6ca7cc1009823e0250c52bd3d2e6011943a.exe
-
Size
1.1MB
-
Sample
230514-w7mgrsfb4v
-
MD5
7b4334d2e1200c95b604aabb59bf0753
-
SHA1
4a431a81567a1cc47079bf338823855cdee8016b
-
SHA256
d189e78e425b8e174dae2982f2d7c6ca7cc1009823e0250c52bd3d2e6011943a
-
SHA512
b1895d30dd100c9934070f1b63a1e46a9ee0bcf39201ec6fd3843bcdd1b1cb7779256a781cab92e752fe7be63dd7c982bf4d4a365da033472631254925ce23a6
-
SSDEEP
24576:PyIwCLqbDpxj6KtZ88K98o02DdTxQUpwOaH6pBy:ahC+XpxjvO93bJxtKH+
Malware Config
Extracted
redline
motor
185.161.248.75:4132
-
auth_value
ec19ab9989a783983c5cbbc0e5ac4a5f
Extracted
redline
terra
185.161.248.75:4132
-
auth_value
60df3f535f8aa4e264f78041983592d2
Targets
-
-
Target
d189e78e425b8e174dae2982f2d7c6ca7cc1009823e0250c52bd3d2e6011943a.exe
-
Size
1.1MB
-
MD5
7b4334d2e1200c95b604aabb59bf0753
-
SHA1
4a431a81567a1cc47079bf338823855cdee8016b
-
SHA256
d189e78e425b8e174dae2982f2d7c6ca7cc1009823e0250c52bd3d2e6011943a
-
SHA512
b1895d30dd100c9934070f1b63a1e46a9ee0bcf39201ec6fd3843bcdd1b1cb7779256a781cab92e752fe7be63dd7c982bf4d4a365da033472631254925ce23a6
-
SSDEEP
24576:PyIwCLqbDpxj6KtZ88K98o02DdTxQUpwOaH6pBy:ahC+XpxjvO93bJxtKH+
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-