General
-
Target
b1712131bb0536845ebf4a8a37ded6ba1c4919a161279c4374ab372c64ea9cb6
-
Size
736KB
-
Sample
230605-ve4pxaac61
-
MD5
49f0fbaac9c826e914e98a1d8bd51d15
-
SHA1
353110885a8003425d369d4d8495301d8e65b5b1
-
SHA256
b1712131bb0536845ebf4a8a37ded6ba1c4919a161279c4374ab372c64ea9cb6
-
SHA512
b9d6f3221efd550a384eb23d20c85a29c5bc59e1543f2cd6b2396f00a3d9cf6dca7b8dbf82342163aac4cc7f1c46d0c03b1892b7aedbd9901683235f68b27a92
-
SSDEEP
12288:6Mrmy902i9+v0Es5WLaoY0jfWT3Lycf+IGF0fROu+YLa3sd8ZAciq6/S:oyznvm5WLZfW2NITfzvCsd8p4S
Malware Config
Extracted
redline
maxi
83.97.73.126:19048
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Extracted
redline
metro
83.97.73.126:19048
-
auth_value
f7fd4aa816bdbaad933b45b51d9b6b1a
Targets
-
-
Target
b1712131bb0536845ebf4a8a37ded6ba1c4919a161279c4374ab372c64ea9cb6
-
Size
736KB
-
MD5
49f0fbaac9c826e914e98a1d8bd51d15
-
SHA1
353110885a8003425d369d4d8495301d8e65b5b1
-
SHA256
b1712131bb0536845ebf4a8a37ded6ba1c4919a161279c4374ab372c64ea9cb6
-
SHA512
b9d6f3221efd550a384eb23d20c85a29c5bc59e1543f2cd6b2396f00a3d9cf6dca7b8dbf82342163aac4cc7f1c46d0c03b1892b7aedbd9901683235f68b27a92
-
SSDEEP
12288:6Mrmy902i9+v0Es5WLaoY0jfWT3Lycf+IGF0fROu+YLa3sd8ZAciq6/S:oyznvm5WLZfW2NITfzvCsd8p4S
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-