General
Target: c5f656e37e0f79c1d657fac79c0dc6f9.exe
Size: 689KB
Sample: 210727-q7tc7qfbne
MD5: c5f656e37e0f79c1d657fac79c0dc6f9
SHA1: 9f8ea43cff55f791bc07b54831db69ff8e538536
SHA256: 4a366034ebd2de1c9b6a13b215a82d56b31c0ed5f6162edc55b11084b69d1e46
SHA512: 7a4269a1bcebb4f2858c66599ac609bc8a22972e72a8fe073b0f4262c07ff273ed7833cdedd901444187367dae550d753c2c607fcc3effbf7a8cec9b9cadb578
Static task: static1
Behavioral task: behavioral1
Sample: c5f656e37e0f79c1d657fac79c0dc6f9.exe
Resource: win7v20210410
Malware Config
Extracted
redline
MIX 27.07
185.215.113.17:18597
Targets
Target: c5f656e37e0f79c1d657fac79c0dc6f9.exe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2