General
-
Target
94de3b00e6c44e8d37188d026d4aedee52cbadf6351f38512854f93f6c1082f9
-
Size
738KB
-
Sample
230606-lg8l7sde5z
-
MD5
96b6e3751a8d8f27bb5670fa39895394
-
SHA1
98a5095aa9ef74dcf8fb637e30d5d27e985c0823
-
SHA256
94de3b00e6c44e8d37188d026d4aedee52cbadf6351f38512854f93f6c1082f9
-
SHA512
2c51c0f6f80f4bffa9c075288d5c1d865403667a44f601314dd67e9925f1bac6361b1b3e7b395e70eff244ab2cb0f9a1852d9e87375ab3f9209716d709374c81
-
SSDEEP
12288:tMrDy906QmkkT4Gym/VgcUW4cjAg/MSWM/gE0O80d1ie7TN0twUf+Iw5ZY7:SyvRkkdxpt4Zg/kM4Tu1iYhI/fYZY7
Malware Config
Extracted
redline
maxi
83.97.73.126:19048
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Targets
-
-
Target
94de3b00e6c44e8d37188d026d4aedee52cbadf6351f38512854f93f6c1082f9
-
Size
738KB
-
MD5
96b6e3751a8d8f27bb5670fa39895394
-
SHA1
98a5095aa9ef74dcf8fb637e30d5d27e985c0823
-
SHA256
94de3b00e6c44e8d37188d026d4aedee52cbadf6351f38512854f93f6c1082f9
-
SHA512
2c51c0f6f80f4bffa9c075288d5c1d865403667a44f601314dd67e9925f1bac6361b1b3e7b395e70eff244ab2cb0f9a1852d9e87375ab3f9209716d709374c81
-
SSDEEP
12288:tMrDy906QmkkT4Gym/VgcUW4cjAg/MSWM/gE0O80d1ie7TN0twUf+Iw5ZY7:SyvRkkdxpt4Zg/kM4Tu1iYhI/fYZY7
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-