General
-
Target
e3b945e540705733fe65ca419b2993a25de9c0ce09721962164c44ee7753d35b
-
Size
603KB
-
Sample
210830-c8ke6rchq2
-
MD5
772e1663ea390985e31eb52a1aba9429
-
SHA1
4c67fc83fd048b792945081032bbc75a09696cf9
-
SHA256
e3b945e540705733fe65ca419b2993a25de9c0ce09721962164c44ee7753d35b
-
SHA512
bdbf3a801db8593b1f5bbbb2c6293771d706519f0883cfc954ee7cc0c0552feef8079d51c14a850233b2fab97fc62e3ea4d58d3d1f2e84ca2a9e5ac6b12f271b
Static task
static1
Malware Config
Extracted
redline
mix31.08
185.215.113.15:6043
Targets
-
-
Target
e3b945e540705733fe65ca419b2993a25de9c0ce09721962164c44ee7753d35b
-
Size
603KB
-
MD5
772e1663ea390985e31eb52a1aba9429
-
SHA1
4c67fc83fd048b792945081032bbc75a09696cf9
-
SHA256
e3b945e540705733fe65ca419b2993a25de9c0ce09721962164c44ee7753d35b
-
SHA512
bdbf3a801db8593b1f5bbbb2c6293771d706519f0883cfc954ee7cc0c0552feef8079d51c14a850233b2fab97fc62e3ea4d58d3d1f2e84ca2a9e5ac6b12f271b
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-