General
-
Target
28288552e980776f67a156a3c152ea88.bin
-
Size
742KB
-
Sample
230605-ml1b3afh96
-
MD5
da46b45fcb32a99789a91c0fa98af51b
-
SHA1
9cadfa6ed8947a54d5248bcb2e1439be3df51c1f
-
SHA256
cc6fde1e4f4240aa1d479037165453178dec7b91602d8ba6dc68e4fd08f153ee
-
SHA512
28856186a65fbddd4c684c28f2b497635b4675b5c37e4d995fc5ec5f7b0704f275a79ebbbf324f3c6dc63ae28908b6c24ffa903a7523584d9d0ceffff68d5321
-
SSDEEP
12288:fWuWQ8t0olTPSO7Mr8ccFlD91mXpS1P3dXzr/8Dx8XlDaDr2hr8teuRwzjFH:fW5HGolThnf5hrUDaXlODqd84zRH
Malware Config
Extracted
redline
maxi
83.97.73.126:19046
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Extracted
redline
metro
83.97.73.126:19046
-
auth_value
f7fd4aa816bdbaad933b45b51d9b6b1a
Targets
-
-
Target
95b82657f9aa53a70f46d305f153f7d31984e740e0014204fa23dfced2fa030b.exe
-
Size
786KB
-
MD5
28288552e980776f67a156a3c152ea88
-
SHA1
25071dc8e8b6ee44315a72e2883ff5d5208d36cf
-
SHA256
95b82657f9aa53a70f46d305f153f7d31984e740e0014204fa23dfced2fa030b
-
SHA512
58a941832c3a574417979d0ebc279c7b1d303a8470349aa3e57cb75f8a1d3a56c39d47ea496d49416cbd0d9f3518e112aa4f8ccc17c96c5273d4a5cd22d3a70e
-
SSDEEP
24576:CysHpN2YrCllOBk1uE0WH0cYQ7RwvnWOQ:psZrqlFu7WFYwRw+O
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-