General
-
Target
904a5595da5fe765cfa2fafc92cbdee3459c5ed938501287242619569f3d8719
-
Size
773KB
-
Sample
230608-mp4tnaeh8x
-
MD5
74875a30537f6a93e0f950308f0d7694
-
SHA1
dc71fc9ee08cefa28237fcb53fa4e4c788312055
-
SHA256
904a5595da5fe765cfa2fafc92cbdee3459c5ed938501287242619569f3d8719
-
SHA512
cd48bbc9cf3ca1aa02ffc92ded99ef5d606745b18fbcefb87b12d822af64a096802bf9987de37dacc399904cbead29f1ef3a6634adbd7ed69a893d4ada05162d
-
SSDEEP
24576:2yE6S+nbQnGwyr3XdHaAKT5sJ/elJ1PVe2:FE+bKGwyRGkKJh
Malware Config
Extracted
redline
maxi
83.97.73.129:19068
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Targets
-
-
Target
904a5595da5fe765cfa2fafc92cbdee3459c5ed938501287242619569f3d8719
-
Size
773KB
-
MD5
74875a30537f6a93e0f950308f0d7694
-
SHA1
dc71fc9ee08cefa28237fcb53fa4e4c788312055
-
SHA256
904a5595da5fe765cfa2fafc92cbdee3459c5ed938501287242619569f3d8719
-
SHA512
cd48bbc9cf3ca1aa02ffc92ded99ef5d606745b18fbcefb87b12d822af64a096802bf9987de37dacc399904cbead29f1ef3a6634adbd7ed69a893d4ada05162d
-
SSDEEP
24576:2yE6S+nbQnGwyr3XdHaAKT5sJ/elJ1PVe2:FE+bKGwyRGkKJh
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-