General
Target: 56f4fed2d87bf8fb41488b5742885f4c1f3c4d2567d9c5d88912743a87a7fd79
Size: 642KB
Sample: 210831-l9xjwjdtc6
MD5: 91aa29454b021cb7527a48ccdc63bd03
SHA1: 1e7e5758d793cddba18e9da6bf720a8ade96674a
SHA256: 56f4fed2d87bf8fb41488b5742885f4c1f3c4d2567d9c5d88912743a87a7fd79
SHA512: 3c7c16345ef6803b41622054d56d20c3f5d6569bac991a900f78ab94f57a8a9e1df771e32d594dffedf0ca102e85502021949b5092664886af4809cebc68697b
Static task: static1
Malware Config
Extracted
redline
mix31.08
185.215.113.15:6043
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2