General
  Target: cf44f894948ccdc8349321972c99123c95a7134fa315b6990c4ce2761d458034
  Size: 635KB
  Sample: 210831-4wc25dg9ps
  MD5: 160eb5ba669ae3e98df0e69117dc5c00
  SHA1: 7f2d8febc476c4c020e4bf8ef8c7db89a33a9968
  SHA256: cf44f894948ccdc8349321972c99123c95a7134fa315b6990c4ce2761d458034
  SHA512: e827a84e2e206a827aa7db40c13067e78c8abf9f39cf98c74cbcc49ed0cdf998b9a13a8b59c6bac0e31d6710a8070b6dcd67bb4f22b5f083f2d6ecacf914d5e8
Static task
  static1

Malware Config
  Extracted
    Family: redline
    Botnet: mix31.08
    C2: 185.215.113.15:6043
Targets
  Target: cf44f894948ccdc8349321972c99123c95a7134fa315b6990c4ce2761d458034
  Size: 635KB
  MD5: 160eb5ba669ae3e98df0e69117dc5c00
  SHA1: 7f2d8febc476c4c020e4bf8ef8c7db89a33a9968
  SHA256: cf44f894948ccdc8349321972c99123c95a7134fa315b6990c4ce2761d458034
  SHA512: e827a84e2e206a827aa7db40c13067e78c8abf9f39cf98c74cbcc49ed0cdf998b9a13a8b59c6bac0e31d6710a8070b6dcd67bb4f22b5f083f2d6ecacf914d5e8
Signatures
  RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  RedLine Payload
  suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
  Downloads MZ/PE file
  Executes dropped EXE
  Accesses cryptocurrency files/wallets, possible credential harvesting
  Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  Legitimate hosting services abused for malware hosting/C2