General
-
Target
dc28b0514454850dd35ea03aa68ad664fe9ed059e6713eefccd82fc52fc2fb06
-
Size
1.0MB
-
Sample
230528-q2vcjaff6y
-
MD5
3bc3b95074a485e5b1b8d7deadfc298d
-
SHA1
02d930c2f11e1b417906ffc39e8c2c540b976265
-
SHA256
dc28b0514454850dd35ea03aa68ad664fe9ed059e6713eefccd82fc52fc2fb06
-
SHA512
ebdf8024003b90bb4974a9f8d0dafa2ea059aab80cb7dbe64b2a923cd369e1afb5f9af3e2daf47a4cf1000b8fd822bedf3c4d7bdccd9dc3efd73092b8f61520e
-
SSDEEP
24576:Wy6yFBPF0a3fV9trAik7ARCDBl1sRH/bD3nmqDCg7UY:lLFPT3fV91Xk7ARan18zmG
Malware Config
Extracted
redline
laswa
83.97.73.127:19062
-
auth_value
f93b7c6dad009734b220c3bf54087e12
Extracted
redline
mirko
83.97.73.127:19062
-
auth_value
35111a095377107ec8b7d3e035831af8
Extracted
redline
Redline
85.31.54.183:18435
-
auth_value
50837656cba6e4dd56bfbb4a61dadb63
Targets
-
-
Target
dc28b0514454850dd35ea03aa68ad664fe9ed059e6713eefccd82fc52fc2fb06
-
Size
1.0MB
-
MD5
3bc3b95074a485e5b1b8d7deadfc298d
-
SHA1
02d930c2f11e1b417906ffc39e8c2c540b976265
-
SHA256
dc28b0514454850dd35ea03aa68ad664fe9ed059e6713eefccd82fc52fc2fb06
-
SHA512
ebdf8024003b90bb4974a9f8d0dafa2ea059aab80cb7dbe64b2a923cd369e1afb5f9af3e2daf47a4cf1000b8fd822bedf3c4d7bdccd9dc3efd73092b8f61520e
-
SSDEEP
24576:Wy6yFBPF0a3fV9trAik7ARCDBl1sRH/bD3nmqDCg7UY:lLFPT3fV91Xk7ARan18zmG
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-