General
Target: 2e51a4c4b27d42b69da363f8a051f284a24879cdf19b0a92187a2e86fcc6329f
Size: 760KB
Sample: 230527-xzzykadc7w
MD5: cec62b69a0c5e7fe364cef876193b9b0
SHA1: 0774c5d773730acf56ef68fb47854a2acfeab7b6
SHA256: 2e51a4c4b27d42b69da363f8a051f284a24879cdf19b0a92187a2e86fcc6329f
SHA512: db0836ae93b61265a7394a3e07e8838b0d6f6942bf0818ab32612f630f6284b2b91a2c1bb90d492c6734faf48ff0c97e26915e5b7a1e3f2775267f9b3f447f6c
SSDEEP: 12288:hMrqy90ZxUW5QIm9wUZJFzaN50G0/lofGL4MsTTPMVjzQBu5F4wtL0p2REPRb:DyyxUW54zZJxaN50D/lofGkPRqC8qRb

Static task: static1
Behavioral task: behavioral1
Sample: 2e51a4c4b27d42b69da363f8a051f284a24879cdf19b0a92187a2e86fcc6329f.exe
Resource: win10-20230220-en

Malware Config
Extracted
Family: redline
Botnet: dura
C2: 83.97.73.127:19062
auth_value: 44b7d6fb9572dea0d64d018139c3d208

Extracted
Family: redline
Botnet: heroy
C2: 83.97.73.127:19062
auth_value: b2879468e50d2d36e66f1a067d4a8bb3

Targets
Target: 2e51a4c4b27d42b69da363f8a051f284a24879cdf19b0a92187a2e86fcc6329f
Size: 760KB
MD5: cec62b69a0c5e7fe364cef876193b9b0
SHA1: 0774c5d773730acf56ef68fb47854a2acfeab7b6
SHA256: 2e51a4c4b27d42b69da363f8a051f284a24879cdf19b0a92187a2e86fcc6329f
SHA512: db0836ae93b61265a7394a3e07e8838b0d6f6942bf0818ab32612f630f6284b2b91a2c1bb90d492c6734faf48ff0c97e26915e5b7a1e3f2775267f9b3f447f6c
SSDEEP: 12288:hMrqy90ZxUW5QIm9wUZJFzaN50G0/lofGL4MsTTPMVjzQBu5F4wtL0p2REPRb:DyyxUW54zZJxaN50D/lofGkPRqC8qRb

RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext