General
- Target: 98c5173f646b2657e950bf1a308dd5c3c2a55eb80e2d95855d2c5261382f236a
- Size: 724KB
- Sample: 230607-nnl3wshg65
- MD5: e8034abd182e3e51f3dece8e49f37283
- SHA1: 94efd01ea4b8960ff59bded45925f5531c2793e3
- SHA256: 98c5173f646b2657e950bf1a308dd5c3c2a55eb80e2d95855d2c5261382f236a
- SHA512: 57a92e39d2168a4d8a4960e0f3130a11579a907d7e483488e78ddbf31e8248753b64d4dca962f47a8bd5e5395d5c4ccaee2ca1ef6acc33bf4138dd12bb6ef314
- SSDEEP: 12288:pMr2y90HGIvLRU0pwRZlfuzBDvMP4PZcFiVhh0bDrh4u31:TykGIvLq0iZlg4PQcSGrd1
- Static task: static1
- Behavioral task: behavioral1
- Sample: 98c5173f646b2657e950bf1a308dd5c3c2a55eb80e2d95855d2c5261382f236a.exe
- Resource: win10v2004-20230221-en
Malware Config
- Extracted: redline
  maxi
  83.97.73.129:19068
  auth_value: 6a3f22e5f4209b056a3fd330dc71956a
- Extracted: redline
  shore
  83.97.73.129:19068
  auth_value: 3be47ce95ac58176e4771019f5179f79
Targets
- Target: 98c5173f646b2657e950bf1a308dd5c3c2a55eb80e2d95855d2c5261382f236a
- Size: 724KB
- MD5: e8034abd182e3e51f3dece8e49f37283
- SHA1: 94efd01ea4b8960ff59bded45925f5531c2793e3
- SHA256: 98c5173f646b2657e950bf1a308dd5c3c2a55eb80e2d95855d2c5261382f236a
- SHA512: 57a92e39d2168a4d8a4960e0f3130a11579a907d7e483488e78ddbf31e8248753b64d4dca962f47a8bd5e5395d5c4ccaee2ca1ef6acc33bf4138dd12bb6ef314
- SSDEEP: 12288:pMr2y90HGIvLRU0pwRZlfuzBDvMP4PZcFiVhh0bDrh4u31:TykGIvLq0iZlg4PQcSGrd1
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext