General
-
Target
f5b29a0afd7e548d6b33c1432197a65fc1a5adf88a624a8359a045fdb864f272.exe
-
Size
1.1MB
-
Sample
230514-xa39pafc71
-
MD5
6c169327fc7d25d4a7050f8a9a1da6af
-
SHA1
c4a4125f0479bd8956475d69fcb9a47fd7422cd7
-
SHA256
f5b29a0afd7e548d6b33c1432197a65fc1a5adf88a624a8359a045fdb864f272
-
SHA512
268f2d4e37e6e7f67b9f30159b6337a02455d5477c84003962d2c640b3e67d2b524f85ecff6d7ef1bb60f2fb8f4984ce13d42575bc3773b5bf79078809f0b414
-
SSDEEP
24576:qyYm+wZU76Ls/DKwjmEXiId5Y3zatSf08wI5QkzQ:xiwC76Ls/DKWmyBmatI5Qs
Malware Config
Extracted
redline
dogma
185.161.248.75:4132
-
auth_value
d6c5d36e9aa03c956dc76aa0fcbe3639
Extracted
redline
terra
185.161.248.75:4132
-
auth_value
60df3f535f8aa4e264f78041983592d2
Targets
-
-
Target
f5b29a0afd7e548d6b33c1432197a65fc1a5adf88a624a8359a045fdb864f272.exe
-
Size
1.1MB
-
MD5
6c169327fc7d25d4a7050f8a9a1da6af
-
SHA1
c4a4125f0479bd8956475d69fcb9a47fd7422cd7
-
SHA256
f5b29a0afd7e548d6b33c1432197a65fc1a5adf88a624a8359a045fdb864f272
-
SHA512
268f2d4e37e6e7f67b9f30159b6337a02455d5477c84003962d2c640b3e67d2b524f85ecff6d7ef1bb60f2fb8f4984ce13d42575bc3773b5bf79078809f0b414
-
SSDEEP
24576:qyYm+wZU76Ls/DKwjmEXiId5Y3zatSf08wI5QkzQ:xiwC76Ls/DKWmyBmatI5Qs
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-