General
-
Target
4b5ae5660f914155505f062e32fd7e6f2e68aed403781a99fc84bb54cd521b47
-
Size
768KB
-
Sample
230526-a8m9ssdg5x
-
MD5
e239f21da6e0fb9efcc81370463e4d93
-
SHA1
26b7c2637495754f01378854ce243cf2596f5f32
-
SHA256
4b5ae5660f914155505f062e32fd7e6f2e68aed403781a99fc84bb54cd521b47
-
SHA512
8c254784455b0232949ac251e8c0cf3a4f103a8c7b9672b58e00545168ad9ea2dcb974d0a1dda8ac56af41f9b2679f8110755f094308bc6fcc2d48f50bb9094c
-
SSDEEP
12288:kMrOy902BRy2RC1C4CWgdaTvnG/t40qgNZJFHzlS0vGkBTrnM8tIW+UERG9N:iyLnyQC1VCWbv+4YFJ1uk5rM81+4
Malware Config
Extracted
redline
dina
83.97.73.122:19062
-
auth_value
4f77073adc624269de1bff760b9bc471
Extracted
redline
greg
83.97.73.122:19062
-
auth_value
4c966a90781c6b4ab7f512d018696362
Targets
-
-
Target
4b5ae5660f914155505f062e32fd7e6f2e68aed403781a99fc84bb54cd521b47
-
Size
768KB
-
MD5
e239f21da6e0fb9efcc81370463e4d93
-
SHA1
26b7c2637495754f01378854ce243cf2596f5f32
-
SHA256
4b5ae5660f914155505f062e32fd7e6f2e68aed403781a99fc84bb54cd521b47
-
SHA512
8c254784455b0232949ac251e8c0cf3a4f103a8c7b9672b58e00545168ad9ea2dcb974d0a1dda8ac56af41f9b2679f8110755f094308bc6fcc2d48f50bb9094c
-
SSDEEP
12288:kMrOy902BRy2RC1C4CWgdaTvnG/t40qgNZJFHzlS0vGkBTrnM8tIW+UERG9N:iyLnyQC1VCWbv+4YFJ1uk5rM81+4
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-