General
-
Target
456aa9748adb9ebcbdb06aee14d3bc9a50a9224acd766de16e5bfd94d6b194a1
-
Size
1.1MB
-
Sample
230514-zen2nsfg6x
-
MD5
1bd7e024f10135a4963e293d3bfa6567
-
SHA1
1939c6c2daaab74d98048a7f870c85007df60f97
-
SHA256
456aa9748adb9ebcbdb06aee14d3bc9a50a9224acd766de16e5bfd94d6b194a1
-
SHA512
48eecac3670460636f97ebe3e5969edfa8944f25d37457a73770a8f56820f80522d8513c02c144236b4e1bccf5cc8c1eb7c74d738fb0687f5c39832d35584dd8
-
SSDEEP
24576:4y5CxX92OxCQvBvUhZDkqq5xzgMRZA1dntojRpq:/0xX92DQvBvUbkqq5xcgAHton
Malware Config
Extracted
redline
linda
185.161.248.75:4132
-
auth_value
21cdc21d041667b9c1679f88a1146770
Extracted
redline
horor
185.161.248.75:4132
-
auth_value
b8d506fe48db15c38fb031d07f42d529
Targets
-
-
Target
456aa9748adb9ebcbdb06aee14d3bc9a50a9224acd766de16e5bfd94d6b194a1
-
Size
1.1MB
-
MD5
1bd7e024f10135a4963e293d3bfa6567
-
SHA1
1939c6c2daaab74d98048a7f870c85007df60f97
-
SHA256
456aa9748adb9ebcbdb06aee14d3bc9a50a9224acd766de16e5bfd94d6b194a1
-
SHA512
48eecac3670460636f97ebe3e5969edfa8944f25d37457a73770a8f56820f80522d8513c02c144236b4e1bccf5cc8c1eb7c74d738fb0687f5c39832d35584dd8
-
SSDEEP
24576:4y5CxX92OxCQvBvUhZDkqq5xzgMRZA1dntojRpq:/0xX92DQvBvUbkqq5xcgAHton
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-