General
Target: fab18787863297968fe1c105420d8465.exe
Size: 692KB
Sample: 210727-1navn4p4f2
MD5: fab18787863297968fe1c105420d8465
SHA1: f1069e7432ba125ee7c4eb67064b817134095ab9
SHA256: 04a7438ab8d6f9429c0ae2856093431cbcc974f753862d726caa0d4bc8eef916
SHA512: b4c9b8a0e151807064b0fc9da9f35a50e78d8e47a94d96870f1c2a6c85e1077cc30ad827256f4a89df4901b3bab805dd0998795a0282010f101550d2323436bf
Static task: static1
Behavioral task: behavioral1
Sample: fab18787863297968fe1c105420d8465.exe
Resource: win7v20210410
Malware Config
Extracted
redline
MIX 27.07
185.215.113.17:18597
Targets
Target: fab18787863297968fe1c105420d8465.exe
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2