General
-
Target
8160067b5e719e68011bfc5b1390f513e54cb489e4478aa41eb23dc778124707
-
Size
585KB
-
Sample
230606-qwm19sed7s
-
MD5
18597e6ce6deb8a0449baaee77a7ea9e
-
SHA1
bcbd83e69529ebde1a9b3ed3f76786989bb4d543
-
SHA256
8160067b5e719e68011bfc5b1390f513e54cb489e4478aa41eb23dc778124707
-
SHA512
1c3ab9dac58cb366392a6b1f277db8cf4c48568e2e82e55808263bddc5496bbe76a3d2d90f2fc09ac8facb12594e7f7d7d63b2cd2275106fd60eeaca086d22df
-
SSDEEP
12288:YMrCy90m/qi3dntxuPPVPyUZN06QDj8Ya9cvPVHVLdN2V:6y8iU3VPys4vPuV
Static task
static1
Behavioral task
behavioral1
Sample
8160067b5e719e68011bfc5b1390f513e54cb489e4478aa41eb23dc778124707.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
diza
83.97.73.126:19048
-
auth_value
0d09b419c8bc967f91c68be4a17e92ee
Targets
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-