General
-
Target
12545e5337c24cc567d6bad54923e91780322c855c0ebbb534d70583695b2bfd
-
Size
771KB
-
Sample
230526-221p4ahe54
-
MD5
701973a86c29f11cfc2923f3571369b6
-
SHA1
72424f2a7fce0fbb9f7f269d6eeb4ba30580daa7
-
SHA256
12545e5337c24cc567d6bad54923e91780322c855c0ebbb534d70583695b2bfd
-
SHA512
d29ed366aaad10cfb1808d709dbacf05a26e9ced56c701120cdec5f4d03c050437a5857dcfd372de9ab594c616c033ba93c6d9cca807ef6ffaf7a98f4aec7ca4
-
SSDEEP
12288:AMriy90S9KenkZXmnQCjYOJvKEExvkjoDWuXz8Hgo06RBh0/0h/EkT/kAjpw:SyrkenkZ6QsKcsEHHFh0EHbhjpw
Malware Config
Extracted
redline
disa
83.97.73.122:19062
-
auth_value
93f8c4ca7000e3381dd4b6b86434de05
Extracted
redline
goga
83.97.73.122:19062
-
auth_value
6d57dff6d3c42dddb8a76dc276b8467f
Targets
-
-
Target
12545e5337c24cc567d6bad54923e91780322c855c0ebbb534d70583695b2bfd
-
Size
771KB
-
MD5
701973a86c29f11cfc2923f3571369b6
-
SHA1
72424f2a7fce0fbb9f7f269d6eeb4ba30580daa7
-
SHA256
12545e5337c24cc567d6bad54923e91780322c855c0ebbb534d70583695b2bfd
-
SHA512
d29ed366aaad10cfb1808d709dbacf05a26e9ced56c701120cdec5f4d03c050437a5857dcfd372de9ab594c616c033ba93c6d9cca807ef6ffaf7a98f4aec7ca4
-
SSDEEP
12288:AMriy90S9KenkZXmnQCjYOJvKEExvkjoDWuXz8Hgo06RBh0/0h/EkT/kAjpw:SyrkenkZ6QsKcsEHHFh0EHbhjpw
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-