General
Target: 7ce813565565ec9bdd05ccdf8b6de59adde0d4020ce6c16c3c5f6d5c63057085
Size: 629KB
Sample: 210830-sqr563mqa2
MD5: ca4d4ad73a155478c07d717b612efbd2
SHA1: 00cdd6bb6aafa6d8e0f385c43ae38f71870a2f99
SHA256: 7ce813565565ec9bdd05ccdf8b6de59adde0d4020ce6c16c3c5f6d5c63057085
SHA512: dbe4bafbdf87db27e4022487cb1ccbe762c3231fdcc4e4b523de6655e8784367e5453f46cac16a79124a49cf1c3aee5f63f318bde2f1e67bd25ac2b713ae412a
Static task: static1
Malware Config
Extracted
Family: redline
Botnet: mix31.08
C2: 185.215.113.15:6043
Targets
Target: 7ce813565565ec9bdd05ccdf8b6de59adde0d4020ce6c16c3c5f6d5c63057085
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Downloads MZ/PE file
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2