General
- Target: 191fa1cd1384fb98310923542cb7e5302c5de3852bd5145ff7ccc93d1e3a5dd0
- Size: 639KB
- Sample: 210831-7trat5mrq6
- MD5: 3d2fbaf281262c361a8627f5317465c3
- SHA1: 593dc404ed39172f870eb6f11207ca71ccf76a19
- SHA256: 191fa1cd1384fb98310923542cb7e5302c5de3852bd5145ff7ccc93d1e3a5dd0
- SHA512: 575aaf32ff84c765c4bb0aaf0ea66a4bcb7bbae1c5374d2fe18b960cbcf9826f820f610e3deaa6a5922801f55ccc20d71bb640e04c6cd1990c30c4e9d889cfa4
Static task: static1
Malware Config
Extracted:
- Family: redline
- Botnet: mix31.08
- C2: 185.215.113.15:6043
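The extracted config is the most directly actionable part of this report: a C2 host and port to hunt for in connection logs and to block at the network edge. The block below is an added example, not Triage's or RedLine's code. It parses the three extracted values, matches constructed Zeek-style connection records (the record format, the 192.0.2.0/24 documentation addresses and the look-alike address are assumptions for illustration) against the C2 on the exact destination field, and emits a Suricata rule with a placeholder local-range SID.

```python
"""Turn the config extracted above into a checkable network IOC.

Added example for this report; it is not Triage's or RedLine's own code.
Assumed for illustration: the constructed, Zeek-style connection records
("ts src sport dst dport proto") and the local Suricata SID.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Iterable, List, Tuple

# The three values exactly as the report lists them under "Extracted".
EXTRACTED = ["redline", "mix31.08", "185.215.113.15:6043"]


@dataclass(frozen=True)
class RedlineConfig:
    family: str
    botnet: str   # RedLine's campaign / "botnet" tag
    c2_host: str
    c2_port: int


def parse_redline_config(lines: List[str]) -> RedlineConfig:
    """Parse the family / botnet / host:port triple the sandbox extracted."""
    family, botnet, c2 = (line.strip() for line in lines)
    host, _, port = c2.rpartition(":")
    ip_address(host)  # raises ValueError if the C2 is a hostname rather than an IP
    return RedlineConfig(family, botnet, host, int(port))


def match_connections(cfg: RedlineConfig, records: Iterable[str]) -> List[Tuple[str, bool]]:
    """Return (record, port_matched) for every record whose destination is the C2 IP.

    Match on the exact destination field, not a substring of the line, and on
    the IP regardless of port: the same host on another port is still worth
    a look, so it is reported with port_matched=False instead of dropped.
    """
    hits = []
    for rec in records:
        fields = rec.split()
        if len(fields) < 5:
            continue
        dst, dport = fields[3], int(fields[4])
        if dst == cfg.c2_host:
            hits.append((rec, dport == cfg.c2_port))
    return hits


def naive_substring_hits(cfg: RedlineConfig, records: Iterable[str]) -> List[str]:
    """The grep-style check to avoid: it also matches longer addresses sharing the prefix."""
    return [rec for rec in records if cfg.c2_host in rec]


def suricata_rule(cfg: RedlineConfig, sid: int = 9000001) -> str:
    """Emit a Suricata rule for traffic to the extracted C2 (SID is a local-range placeholder)."""
    return (
        f'alert tcp $HOME_NET any -> {cfg.c2_host} {cfg.c2_port} '
        f'(msg:"{cfg.family} C2 check-in {cfg.c2_host}:{cfg.c2_port} botnet {cfg.botnet}"; '
        f"flow:to_server; classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


CFG = parse_redline_config(EXTRACTED)

# Constructed records, not traffic from the sandbox run. 192.0.2.0/24 is the
# RFC 5737 documentation range; the last line is a made-up look-alike address
# that shares the C2's prefix, to show why substring matching is unsafe.
RECORDS = [
    "2021-08-31T10:12:01Z 10.0.0.5 49731 185.215.113.15 6043 tcp",
    "2021-08-31T10:12:03Z 10.0.0.5 49732 192.0.2.10 443 tcp",
    "2021-08-31T10:15:40Z 10.0.0.7 51022 185.215.113.15 80 tcp",
    "2021-08-31T10:16:02Z 10.0.0.5 49740 185.215.113.150 6043 tcp",
]

if __name__ == "__main__":
    for rec, on_port in match_connections(CFG, RECORDS):
        print(("C2 port" if on_port else "C2 host, other port"), rec)
    print(suricata_rule(CFG))
```

Against the constructed records the exact-field match returns two hits (one on port 6043, one on port 80 flagged as off-port), while the substring check returns three because the look-alike address also contains the C2 string. The rule pins the port because the extracted config does; if the operator rotates ports, drop the port to `any` and rely on the IP.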
Targets
- Target: 191fa1cd1384fb98310923542cb7e5302c5de3852bd5145ff7ccc93d1e3a5dd0
- Size: 639KB
- MD5: 3d2fbaf281262c361a8627f5317465c3
- SHA1: 593dc404ed39172f870eb6f11207ca71ccf76a19
- SHA256: 191fa1cd1384fb98310923542cb7e5302c5de3852bd5145ff7ccc93d1e3a5dd0
- SHA512: 575aaf32ff84c765c4bb0aaf0ea66a4bcb7bbae1c5374d2fe18b960cbcf9826f820f610e3deaa6a5922801f55ccc20d71bb640e04c6cd1990c30c4e9d889cfa4
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
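The "checks installed software" signature above fires on a registry walk, not on a single key open: the sample opens HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its WOW6432Node view) and enumerates the subkeys, typically reading DisplayName under each. The block below is an added example of that detection logic, not Triage's signature code. The trace it runs over is a constructed list of (pid, image, api, key, argument) tuples standing in for a sandbox API log; the Uninstall key paths are the real Windows locations, the process names and the "ExampleApp" subkey are made up.

```python
"""Flag the 'checks installed software' behaviour in a registry API trace.

Added example for this report, not Triage's signature code. The trace is a
constructed list of (pid, image, api, key, argument) tuples standing in for
a sandbox API log; the Uninstall key paths are the real locations on Windows.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, Tuple

Call = Tuple[int, str, str, str, str]

# Native and WOW6432Node views of the Uninstall key, matched after the hive
# prefix and case are normalised.  The trailing group stops "Uninstall" from
# also matching an unrelated key that merely starts with that name.
UNINSTALL_RE = re.compile(
    r"^HKLM\\SOFTWARE\\(?:WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL(?:\\|$)"
)
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
ENUM_APIS = {"RegEnumKeyExW", "RegEnumKeyExA", "RegEnumKeyW", "RegEnumKeyA"}


def normalise(key: str) -> str:
    """HKEY_LOCAL_MACHINE\\Software\\... -> HKLM\\SOFTWARE\\... so one regex covers both spellings."""
    hive, sep, rest = key.partition("\\")
    return HIVES.get(hive.upper(), hive.upper()) + sep + rest.upper()


def enumeration_hits(trace: Iterable[Call], min_enum_calls: int = 3) -> Dict[int, dict]:
    """Return per-pid evidence for processes that open the Uninstall key and
    then walk at least `min_enum_calls` of its subkeys.

    A single open of the key is normal (an installer checking for itself);
    the signal is the walk over many entries, optionally confirmed by
    DisplayName reads under individual subkeys.
    """
    state = defaultdict(lambda: {"image": "", "opened": False, "enum_calls": 0, "names_read": 0})
    for pid, image, api, key, arg in trace:
        if not UNINSTALL_RE.match(normalise(key)):
            continue
        st = state[pid]
        st["image"] = image
        if api.startswith("RegOpenKeyEx"):
            st["opened"] = True
        elif api in ENUM_APIS:
            st["enum_calls"] += 1
        elif api.startswith("RegQueryValueEx") and arg.upper() == "DISPLAYNAME":
            st["names_read"] += 1
    return {pid: st for pid, st in state.items()
            if st["opened"] and st["enum_calls"] >= min_enum_calls}


UNINST = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
UNINST_WOW = r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed trace: "sample.exe" walks both views of the Uninstall key and
# reads a DisplayName; explorer.exe touches an unrelated key; setup.exe opens
# the Uninstall key once without enumerating it (below threshold).
TRACE: list = [
    (1234, "sample.exe", "RegOpenKeyExW", UNINST, ""),
    (1234, "sample.exe", "RegEnumKeyExW", UNINST, "0"),
    (1234, "sample.exe", "RegEnumKeyExW", UNINST, "1"),
    (1234, "sample.exe", "RegEnumKeyExW", UNINST, "2"),
    (1234, "sample.exe", "RegQueryValueExW", UNINST + r"\ExampleApp", "DisplayName"),
    (1234, "sample.exe", "RegOpenKeyExW", UNINST_WOW, ""),
    (1234, "sample.exe", "RegEnumKeyExW", UNINST_WOW, "0"),
    (5678, "explorer.exe", "RegOpenKeyExW", RUN, ""),
    (5678, "explorer.exe", "RegEnumValueW", RUN, "0"),
    (9012, "setup.exe", "RegOpenKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", ""),
]

if __name__ == "__main__":
    for pid, st in enumeration_hits(TRACE).items():
        print(pid, st)
```

Only pid 1234 is reported: four RegEnumKeyEx calls across the two views plus one DisplayName read. The threshold matters in practice, since inventory agents and installers legitimately perform the same walk; treat the hit as one behaviour among the others listed for this sample rather than a verdict on its own.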