General
-
Target
05c2b70f414ec708457726e488ace5db.bin
-
Size
1.1MB
-
Sample
230515-bct8xaeb59
-
MD5
8ef21fb5b7a99c3c5a8b763dbffd59d0
-
SHA1
b9daff679347e326d2a71ccaf1f38b7212f3c056
-
SHA256
bcbd4f8659ecbfcf9dfe638e5f66d6f968a618c7154459435daa5e9bf8c32ceb
-
SHA512
e629d48021fc71324201562eb8227f58ebfe96de4cef957f5e338e02bb7c04fd65121e5158d0b51f7f89878f0524d0bf3fa1bbe91499b3e9ca787a3dc5ea3e04
-
SSDEEP
24576:4j2xvnk9yD0GLJ7OGWRuzXoOr7iljSPhUkuZtC5A0ny:4ixv94GV7rWRYXoa7ilGPhUVZUA0ny
Malware Config
Extracted
redline
motor
185.161.248.75:4132
-
auth_value
ec19ab9989a783983c5cbbc0e5ac4a5f
Extracted
redline
terra
185.161.248.75:4132
-
auth_value
60df3f535f8aa4e264f78041983592d2
Targets
-
-
Target
90918dafad342d656f5956daec69d3477de092bba7888d342ee7e5ff4c6638a8.exe
-
Size
1.1MB
-
MD5
05c2b70f414ec708457726e488ace5db
-
SHA1
58c7a9c81d23f3f7e9de494ff7dc19712221f5c3
-
SHA256
90918dafad342d656f5956daec69d3477de092bba7888d342ee7e5ff4c6638a8
-
SHA512
2056b4c7bef6935bd1e9a8ca5c7d9f35381a5daaa9f7fec70a86dd7e5221a116e3d6c8a8b7ccade69a5045bf527793f6f15b36dd448dafa731592cec9d5bc269
-
SSDEEP
24576:cy7r8LYvqZZGe2vpmIYE5hEYPqtpQlGx2AmiCjK:LMtGVv0+PMPuZj
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-