General
Target: bdad2085c91952ad3c83c8a97c8a3a0d5785138d13d9988bbc09b71d6246812c
Size: 602KB
Sample: 210830-35fwm23zen
MD5: 4bf757e2590a25c57d559e4f744d5c86
SHA1: 978e742ac0892e71cdba9ba3ac759dc8212fa6a2
SHA256: bdad2085c91952ad3c83c8a97c8a3a0d5785138d13d9988bbc09b71d6246812c
SHA512: 6a05e4e892b6c3a75611421276e421285fc2a30c6f4de90fd9aae3a9e5d1627b6a27b1dbcd650b458eeb209b93554a200ec1ede56593b4b275506a18c8747149
Static task: static1

Malware Config
Extracted:
redline
mix31.08
185.215.113.15:6043
Targets
Target: bdad2085c91952ad3c83c8a97c8a3a0d5785138d13d9988bbc09b71d6246812c (602KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2