General
-
Target
926aa0310c53110ceccb9125a1bfdeb6fc1e913dc357f1c5160be091c2a72db3
-
Size
738KB
-
Sample
230606-pqb65sdf42
-
MD5
4bef477b8b24b843ea1d609ca23e2d4c
-
SHA1
8c75026123b8b68fbe1cf7c38c90dbe104f629c0
-
SHA256
926aa0310c53110ceccb9125a1bfdeb6fc1e913dc357f1c5160be091c2a72db3
-
SHA512
17dc7371396f6598be756f493794e500812940db79e851f9da9779fd5da6134e83cdf8b5e00f874f5cbc9bb9d41542a6341de8ccca075705b43b16794b39b699
-
SSDEEP
12288:aMrGy90JtPGsjKsdMs1dvT/fJ9rHMvApRiwW6NNlT0eOfscTYggZc0qS:oyujKAjvT/fJ5mkRiwWyT0eOfscTYggT
Malware Config
Extracted
redline
maxi
83.97.73.126:19048
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Targets
-
-
Target
926aa0310c53110ceccb9125a1bfdeb6fc1e913dc357f1c5160be091c2a72db3
-
Size
738KB
-
MD5
4bef477b8b24b843ea1d609ca23e2d4c
-
SHA1
8c75026123b8b68fbe1cf7c38c90dbe104f629c0
-
SHA256
926aa0310c53110ceccb9125a1bfdeb6fc1e913dc357f1c5160be091c2a72db3
-
SHA512
17dc7371396f6598be756f493794e500812940db79e851f9da9779fd5da6134e83cdf8b5e00f874f5cbc9bb9d41542a6341de8ccca075705b43b16794b39b699
-
SSDEEP
12288:aMrGy90JtPGsjKsdMs1dvT/fJ9rHMvApRiwW6NNlT0eOfscTYggZc0qS:oyujKAjvT/fJ5mkRiwWyT0eOfscTYggT
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-