General
Target: a873299e61c48e89a82f9916dc8bb4f7a95a62fd59cebea18a7e853df5b3465c
Size: 729KB
Sample: 230605-qargkahc7w
MD5: c757a313578ae1dcf8c9ebc6bd7bddaa
SHA1: bcefec8ddcba79bbfca820f59b5ae24ca9d21aeb
SHA256: a873299e61c48e89a82f9916dc8bb4f7a95a62fd59cebea18a7e853df5b3465c
SHA512: 6f48c0b1cab594dcb0558c54e70eab1638e6e9265b55e448b56b8cee1ef2024e204412ba0b193cdfea44009be2660f0a5ab49a73d13c2a288948afd0c8c5c414
SSDEEP: 12288:3MrAy90jSmDkjvXjfB2H1P4CrVDBE8iCh1zAL1b5G5I3QcH3Qbm6KLz9jh+dA:rymojk1P4Cr1BoexGbyeX3Ym5z9AdA
Static task: static1
Behavioral task: behavioral1
Sample: a873299e61c48e89a82f9916dc8bb4f7a95a62fd59cebea18a7e853df5b3465c.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline, maxi, 83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Extracted: redline, metro, 83.97.73.126:19048
auth_value: f7fd4aa816bdbaad933b45b51d9b6b1a
Extracted: redline, diza, 83.97.73.126:19048
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Targets
Target: a873299e61c48e89a82f9916dc8bb4f7a95a62fd59cebea18a7e853df5b3465c
Size: 729KB
MD5: c757a313578ae1dcf8c9ebc6bd7bddaa
SHA1: bcefec8ddcba79bbfca820f59b5ae24ca9d21aeb
SHA256: a873299e61c48e89a82f9916dc8bb4f7a95a62fd59cebea18a7e853df5b3465c
SHA512: 6f48c0b1cab594dcb0558c54e70eab1638e6e9265b55e448b56b8cee1ef2024e204412ba0b193cdfea44009be2660f0a5ab49a73d13c2a288948afd0c8c5c414
SSDEEP: 12288:3MrAy90jSmDkjvXjfB2H1P4CrVDBE8iCh1zAL1b5G5I3QcH3Qbm6KLz9jh+dA:rymojk1P4Cr1BoexGbyeX3Ym5z9AdA
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Downloads MZ/PE file
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext