General
-
Target
file.exe
-
Size
580KB
-
Sample
230605-h6m51sfh3w
-
MD5
2eb76d4e6e7c584147d0b573573a81e1
-
SHA1
267520fc7483b4932cb2491fd4acf471b137d227
-
SHA256
815481e49866ad19d437c62da9f6dd94761cb0644f19d8e2f5248e52b63edd89
-
SHA512
2a2a6fe5fd63a9deda1963551b47ff0360cc2202d8173e9abf7c8b569e22df1de4a0d8fceae4b423b33e110bd8ab7eabbde5762c3ed7588644a0a9f28271aec5
-
SSDEEP
12288:zMrxy90htVdtsh2w7KnDuAcdr8G2RKnGAzTuvzT16yBm:ayq3tsh2w2nJciRRaGIyvv17U
Malware Config
Extracted
redline
maxi
83.97.73.126:19046
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Targets
-
-
Target
file.exe
-
Size
580KB
-
MD5
2eb76d4e6e7c584147d0b573573a81e1
-
SHA1
267520fc7483b4932cb2491fd4acf471b137d227
-
SHA256
815481e49866ad19d437c62da9f6dd94761cb0644f19d8e2f5248e52b63edd89
-
SHA512
2a2a6fe5fd63a9deda1963551b47ff0360cc2202d8173e9abf7c8b569e22df1de4a0d8fceae4b423b33e110bd8ab7eabbde5762c3ed7588644a0a9f28271aec5
-
SSDEEP
12288:zMrxy90htVdtsh2w7KnDuAcdr8G2RKnGAzTuvzT16yBm:ayq3tsh2w2nJciRRaGIyvv17U
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-