General
-
Target
b1f603c293cf88d8344ffa6894e57459df07402cdb484c9e413fe25579b61cff
-
Size
1.0MB
-
Sample
230529-rck81acf3z
-
MD5
de6d67be5ceb0599a9fce792d1a18d1d
-
SHA1
3a6324bd1e88b80f59eada65aa8f2a72532b3688
-
SHA256
b1f603c293cf88d8344ffa6894e57459df07402cdb484c9e413fe25579b61cff
-
SHA512
d9bfc7a53ddbc8362119bce5981645f3fea22110343fa051c48de5d51f1093fa5e21b775eee2e38649c0bf1d3f5296b05b95ab382739bfebd42269ca12d80820
-
SSDEEP
24576:eygRYqpzWJXdhH75uimCs8HmaYM1reh3+cFJMh6M:tWYqpSJXdl9uimCs8DDeh3N
Malware Config
Extracted
redline
lizsa
83.97.73.127:19045
-
auth_value
44b0b71b36e78465dbdebb4ecfb78b77
Extracted
redline
metro
83.97.73.127:19045
-
auth_value
f7fd4aa816bdbaad933b45b51d9b6b1a
Targets
-
-
Target
b1f603c293cf88d8344ffa6894e57459df07402cdb484c9e413fe25579b61cff
-
Size
1.0MB
-
MD5
de6d67be5ceb0599a9fce792d1a18d1d
-
SHA1
3a6324bd1e88b80f59eada65aa8f2a72532b3688
-
SHA256
b1f603c293cf88d8344ffa6894e57459df07402cdb484c9e413fe25579b61cff
-
SHA512
d9bfc7a53ddbc8362119bce5981645f3fea22110343fa051c48de5d51f1093fa5e21b775eee2e38649c0bf1d3f5296b05b95ab382739bfebd42269ca12d80820
-
SSDEEP
24576:eygRYqpzWJXdhH75uimCs8HmaYM1reh3+cFJMh6M:tWYqpSJXdl9uimCs8DDeh3N
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-