General
Target: b8883ad3_1rOxMMoVIn
Size: 174KB
Sample: 210813-5y314zrj5s
MD5: b8883ad317d0672f3c5ac91085b2adcf
SHA1: 9de53372a9ac0b4bf8c2215ec14faacdd152e8fa
SHA256: 865e9850f1d324145f5dc51b48dbfd18ff839d69d3cd47b7424e35fd09a33ce0
SHA512: b6b4b0089d842a4b7e016074f0e191ad381a703788726df5a6d80170cd67b8e033225f1fe97d5b192fb0a09037f5631e8c20d75d9c1b10d5a0a35c9d044b1529
Static task: static1
Behavioral task: behavioral1
Sample: b8883ad3_1rOxMMoVIn.exe
Resource: win7v20210408
Malware Config
Extracted: redline
7new
C2 hosts:
sytareliar.xyz:80
yabelesatg.xyz:80
ceneimarck.xyz:80
Targets
Target: b8883ad3_1rOxMMoVIn (size and hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2