General

Target: 1ff8b3fec4421087770f7524799557f20f38a2479208ebc00c80ca75a95f720a
Size: 639KB
Sample: 210831-kznndackzj
MD5: abf06afa857606e363e0aca03efc993d
SHA1: 3468d71b479cf9efef7a2244d80845212f030911
SHA256: 1ff8b3fec4421087770f7524799557f20f38a2479208ebc00c80ca75a95f720a
SHA512: 5fee2ced6cf1719a87b681172f65136ef6f79df25377c8848362d50c639eb0e8c3e80e2b57bce30727e28a0971738c9d87f70c26247b1dbf7c482a88ec03645a

Static task: static1

Malware Config

Extracted
Family: redline
Botnet: mix31.08
C2: 185.215.113.15:6043
Targets

Target: 1ff8b3fec4421087770f7524799557f20f38a2479208ebc00c80ca75a95f720a
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
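As an added example (not part of the Triage report and not RedLine's own code), the following Python turns the indicators above into checks a responder can run over logs: the file hashes, the C2 host:port pair, and the Uninstall-key registry reads behind the "Checks installed software" signature. The key=value log layout, the Sysmon-style field names (EventID, Image, TargetObject) and every sample log line are constructed assumptions for illustration.

```python
"""Match the indicators from the RedLine report above against log lines.

Added example, not from the report. Log formats and sample lines are
constructed; only the hashes and the C2 endpoint come from the report.
"""
import hashlib
import re

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "abf06afa857606e363e0aca03efc993d",
    "sha1": "3468d71b479cf9efef7a2244d80845212f030911",
    "sha256": "1ff8b3fec4421087770f7524799557f20f38a2479208ebc00c80ca75a95f720a",
}
IOC_C2_HOST, IOC_C2_PORT = "185.215.113.15", 6043

# Registry paths read when software is enumerated via Uninstall keys
# (32-bit view under WOW6432Node on 64-bit Windows). Sysmon records
# registry object access as Event ID 12 (create/delete) and 13 (value set).
UNINSTALL_KEY_RE = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
    re.IGNORECASE,
)

# Assumed log layout: whitespace-separated key=value pairs, values without spaces.
KV_RE = re.compile(r"(\w+)=(\S+)")


def hash_file_bytes(data: bytes) -> dict:
    """Return MD5/SHA1/SHA256 of a blob in the same shape as IOC_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def hashes_match(data: bytes) -> bool:
    """True only if all three digests equal the report's values."""
    return hash_file_bytes(data) == IOC_HASHES


def parse_kv(line: str) -> dict:
    return dict(KV_RE.findall(line))


def is_c2_connection(line: str) -> bool:
    """Strict host:port match on the extracted C2 (assumed dst/dport fields)."""
    f = parse_kv(line)
    return f.get("dst") == IOC_C2_HOST and f.get("dport") == str(IOC_C2_PORT)


def is_uninstall_enumeration(line: str) -> bool:
    """Sysmon-style registry event whose target is under an Uninstall key."""
    f = parse_kv(line)
    return f.get("EventID") in {"12", "13"} and bool(
        UNINSTALL_KEY_RE.search(f.get("TargetObject", ""))
    )


def scan(lines) -> list:
    """Return (reason, line) for every line matching an indicator."""
    hits = []
    for line in lines:
        if is_c2_connection(line):
            hits.append(("c2", line))
        elif is_uninstall_enumeration(line):
            hits.append(("uninstall-enum", line))
    return hits


# Constructed sample lines (not real telemetry).
SAMPLE_LOGS = [
    "src=10.0.0.5 dst=185.215.113.15 dport=6043 proto=tcp action=allow",
    "src=10.0.0.5 dst=185.215.113.15 dport=443 proto=tcp action=allow",
    "src=10.0.0.7 dst=93.184.216.34 dport=80 proto=tcp action=allow",
    r"EventID=13 Image=C:\Users\u\AppData\Local\Temp\build.exe "
    r"TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName",
    r"EventID=13 Image=C:\Users\u\AppData\Local\Temp\build.exe "
    r"TargetObject=HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Foo\DisplayVersion",
    r"EventID=13 Image=C:\Windows\explorer.exe "
    r"TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
]

if __name__ == "__main__":
    for reason, line in scan(SAMPLE_LOGS):
        print(f"{reason:15s} {line}")
    print("hash match on constructed bytes:", hashes_match(b"not the sample"))
```

Two caveats apply when using this outside a sandbox report. Uninstall-key reads are routine for inventory agents and installers, so that check is a weak signal to be scoped by the process image (here, an executable running from a Temp directory) rather than alerted on alone. The C2 match is deliberately strict on host and port: the report gives a single endpoint observed at analysis time, and the address may be reassigned later, so the indicator should be paired with the sample's time window rather than treated as permanently hostile.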