General
-
Target
bb256ee62b85dc522d2c8694681f789bfb3bbd19160cf544b950b581787ce570
-
Size
737KB
-
Sample
230606-q7pdgaee8t
-
MD5
8cbd362081a1042c0469f35ab503929c
-
SHA1
28ddb29e27f7b59d45a6dc38a4ded65d3c6ac841
-
SHA256
bb256ee62b85dc522d2c8694681f789bfb3bbd19160cf544b950b581787ce570
-
SHA512
b5e52a436138a01fb8222d7122c52936ab4d1b01e14f95e08eb1dc816d4c422649d17cb43d2fd7143af5b86ba01036db7d13eac6e156b4d9e92dc64655c973c1
-
SSDEEP
12288:HMr+y90uCiCEnr+3C0zPlUHlbxW4fnHuArtGxdWi0Bb4lBXt87ELPf:Jy4ib8qHlbxW42aIbW1BMlBdlf
Malware Config
Extracted
redline
maxi
83.97.73.126:19048
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Targets
-
-
Target
bb256ee62b85dc522d2c8694681f789bfb3bbd19160cf544b950b581787ce570
-
Size
737KB
-
MD5
8cbd362081a1042c0469f35ab503929c
-
SHA1
28ddb29e27f7b59d45a6dc38a4ded65d3c6ac841
-
SHA256
bb256ee62b85dc522d2c8694681f789bfb3bbd19160cf544b950b581787ce570
-
SHA512
b5e52a436138a01fb8222d7122c52936ab4d1b01e14f95e08eb1dc816d4c422649d17cb43d2fd7143af5b86ba01036db7d13eac6e156b4d9e92dc64655c973c1
-
SSDEEP
12288:HMr+y90uCiCEnr+3C0zPlUHlbxW4fnHuArtGxdWi0Bb4lBXt87ELPf:Jy4ib8qHlbxW42aIbW1BMlBdlf
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-