General
-
Target
21ddf94fce88b1aa600c26208f0398b09c82308e0f90e6336a8f68ae81dce2d0
-
Size
764KB
-
Sample
230526-nr3j2sfg2w
-
MD5
a6248f4c60d46ed7e218224e353f4224
-
SHA1
d9611fafdf2041b2a7df63494b6a61c886fd1c88
-
SHA256
21ddf94fce88b1aa600c26208f0398b09c82308e0f90e6336a8f68ae81dce2d0
-
SHA512
107e2ed62590a938d03e05fd8bcd927f66519bcc72c7cab8722a13c751c016542e144acb9ce41437a43806e9427c9a5abff94b603e422b84e73478256bb52b75
-
SSDEEP
12288:cMrAy9065+BvQ2oragyJwFc1WQHX+34qddZFxFqvmJr5jq+4dB5md/LBNEi67:ky/dKiFSPRqddvq+J1p4f5mdDA
Malware Config
Extracted
redline
disa
83.97.73.122:19062
-
auth_value
93f8c4ca7000e3381dd4b6b86434de05
Extracted
redline
goga
83.97.73.122:19062
-
auth_value
6d57dff6d3c42dddb8a76dc276b8467f
Targets
-
-
Target
21ddf94fce88b1aa600c26208f0398b09c82308e0f90e6336a8f68ae81dce2d0
-
Size
764KB
-
MD5
a6248f4c60d46ed7e218224e353f4224
-
SHA1
d9611fafdf2041b2a7df63494b6a61c886fd1c88
-
SHA256
21ddf94fce88b1aa600c26208f0398b09c82308e0f90e6336a8f68ae81dce2d0
-
SHA512
107e2ed62590a938d03e05fd8bcd927f66519bcc72c7cab8722a13c751c016542e144acb9ce41437a43806e9427c9a5abff94b603e422b84e73478256bb52b75
-
SSDEEP
12288:cMrAy9065+BvQ2oragyJwFc1WQHX+34qddZFxFqvmJr5jq+4dB5md/LBNEi67:ky/dKiFSPRqddvq+J1p4f5mdDA
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-