General
-
Target
0447083388c7c561cd616c5dc223c5cb.bin
-
Size
1.1MB
-
Sample
230515-bcpy7agd71
-
MD5
e9a593509ceae500bb0e05ca64c9579a
-
SHA1
28b634dd1dcb87a1ac074aac57cc867319232feb
-
SHA256
a01cedac5d5a58779d8972872289c31aa5380d6a9d37fcbad866148627e35483
-
SHA512
49d201afadc911983e8f6cb3f18e9b55262a9ac593082c57b6ede5c6ee3ccce9fb380b02004079e3e65623889a6c36a520ce6d9dc07901fae54c46c6de8ee2e9
-
SSDEEP
24576:jJT/gA2qokmSFurLQ4IT1ORfyHooru+wD8Z590EYFFK0jbnVHo:jJTIRFkmSFWLQ4NfyHoSCE5yXFI0jbNo
Malware Config
Extracted
redline
dogma
185.161.248.75:4132
-
auth_value
d6c5d36e9aa03c956dc76aa0fcbe3639
Extracted
redline
terra
185.161.248.75:4132
-
auth_value
60df3f535f8aa4e264f78041983592d2
Targets
-
-
Target
fdd537b813d388150583b634afb1bcf0d116e76bb1458b07e74b83e67d68500c.exe
-
Size
1.1MB
-
MD5
0447083388c7c561cd616c5dc223c5cb
-
SHA1
ed123a50428c26dddbe4ada33444d5e5da02a9a5
-
SHA256
fdd537b813d388150583b634afb1bcf0d116e76bb1458b07e74b83e67d68500c
-
SHA512
b32720e79e31b871c1a67b774967a7789329ac74135e7b0de0fe37deba7ba2286fefa5d05193e75f331937e3eb7484825d93f8e3ffa9ff985b5394b1206cdcbb
-
SSDEEP
24576:wy4UuVuA8ktax9JSKUjkvk8BBBVBqBmthQ7rHayk5ZEf9Ue3:34oA8dIK1vzB/VwEIPk5O
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-