General
-
Target
8c0a4bfe6b7d24892769e0338f425435769e6b2ae3a9af2905491634a643b4e7
-
Size
724KB
-
Sample
230606-yv23ssga41
-
MD5
9d3b877dc78b1e4a6a9607cb26feebb3
-
SHA1
4c1662a5d1af7793fc383eb4880b7e7a7a1cd690
-
SHA256
8c0a4bfe6b7d24892769e0338f425435769e6b2ae3a9af2905491634a643b4e7
-
SHA512
65258a4fc7b7a75688241b5b2ac7a369225ab052d8c53a65abb1ce9411f6e6a4cdd1f32ddeadc85ca47228596439b85611a7abfcfc109690a3e82380fba9cd3e
-
SSDEEP
12288:xMr+y90Vq6HgwwUDO7KAAj+OAEobhACbn4Ze9JCsimEznsf:DyWqugw/RAAfkyGnAsREznE
Malware Config
Extracted
redline
maxi
83.97.73.126:19048
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Targets
-
-
Target
8c0a4bfe6b7d24892769e0338f425435769e6b2ae3a9af2905491634a643b4e7
-
Size
724KB
-
MD5
9d3b877dc78b1e4a6a9607cb26feebb3
-
SHA1
4c1662a5d1af7793fc383eb4880b7e7a7a1cd690
-
SHA256
8c0a4bfe6b7d24892769e0338f425435769e6b2ae3a9af2905491634a643b4e7
-
SHA512
65258a4fc7b7a75688241b5b2ac7a369225ab052d8c53a65abb1ce9411f6e6a4cdd1f32ddeadc85ca47228596439b85611a7abfcfc109690a3e82380fba9cd3e
-
SSDEEP
12288:xMr+y90Vq6HgwwUDO7KAAj+OAEobhACbn4Ze9JCsimEznsf:DyWqugw/RAAfkyGnAsREznE
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-