General
-
Target
18e8fc180d093815c8c84eeae9e1655e669b6122a68a94da91f37a7be259d902
-
Size
771KB
-
Sample
230608-rwwh3sgg7z
-
MD5
70ed497721cfbfaa1c6ce7c957f1ac81
-
SHA1
56a92c3b045b70f003f4838427ea1a677520d72a
-
SHA256
18e8fc180d093815c8c84eeae9e1655e669b6122a68a94da91f37a7be259d902
-
SHA512
a0b19fdcac0cd2541af4f96c8296f06ab03046f925fa5e14f764ec1c79ed265cc64f5c5a38303eb035867df27e143298eff943b5fa52e50b75357c8f6ed76e72
-
SSDEEP
12288:kMr/y90lfJeuzzQTOFJLoqKMH1r9TKF9xLG3K7wGIWHbAXir8WIYDRVuw1f:jy2UuXq4Loj09TY63K0G1ASrdIY9zJ
Malware Config
Extracted
redline
maxi
83.97.73.129:19068
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Extracted
redline
sheron
83.97.73.129:19068
-
auth_value
2d067e7e2372227d3a03b335260112e9
Targets
-
-
Target
18e8fc180d093815c8c84eeae9e1655e669b6122a68a94da91f37a7be259d902
-
Size
771KB
-
MD5
70ed497721cfbfaa1c6ce7c957f1ac81
-
SHA1
56a92c3b045b70f003f4838427ea1a677520d72a
-
SHA256
18e8fc180d093815c8c84eeae9e1655e669b6122a68a94da91f37a7be259d902
-
SHA512
a0b19fdcac0cd2541af4f96c8296f06ab03046f925fa5e14f764ec1c79ed265cc64f5c5a38303eb035867df27e143298eff943b5fa52e50b75357c8f6ed76e72
-
SSDEEP
12288:kMr/y90lfJeuzzQTOFJLoqKMH1r9TKF9xLG3K7wGIWHbAXir8WIYDRVuw1f:jy2UuXq4Loj09TY63K0G1ASrdIY9zJ
Score10/10-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-