General
-
Target
16bc0ed5fd8d300548362cbb64db0beedf38c1fc40c1e14b8bbf596e9766a0ac
-
Size
668KB
-
Sample
210831-phrqjcknfe
-
MD5
afa658c1d6f1669d461e072f862aae3e
-
SHA1
ec26c66e878514449499c83a2fe903f6a401e9a8
-
SHA256
16bc0ed5fd8d300548362cbb64db0beedf38c1fc40c1e14b8bbf596e9766a0ac
-
SHA512
3c11b13253ba97a39d1a26c47c7c5b14999e8a84cd965ff9ec290c187b068e29457250fc6794c4d4a4b566a83f1a706c796f195fe1120e32b614d74d6aaedb7d
Static task
static1
Malware Config
Extracted
Family
redline
Botnet
mix31.08
C2
185.215.113.15:6043
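The extracted config and the sample hashes above are the actionable part of this report. The script below is an added example (not part of the sandbox report or of any RedLine tooling): it carries the report's own values, sanity-checks the digests before they go into a blocklist, validates the C2 endpoint, and renders a local Suricata rule for traffic to that endpoint. The rule text, the `LOCAL` msg prefix and the sid in the 1000000+ range are assumptions for a private ruleset, not an ET signature.

```python
"""Build blocking/detection artefacts from the RedLine config in this report.

Added example. Hash and C2 values are copied from the report above; the
Suricata rule text and sid are assumptions for a local ruleset.
"""
import ipaddress

# Copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "afa658c1d6f1669d461e072f862aae3e",
    "sha1": "ec26c66e878514449499c83a2fe903f6a401e9a8",
    "sha256": "16bc0ed5fd8d300548362cbb64db0beedf38c1fc40c1e14b8bbf596e9766a0ac",
    "sha512": "3c11b13253ba97a39d1a26c47c7c5b14999e8a84cd965ff9ec290c187b068e29"
              "457250fc6794c4d4a4b566a83f1a706c796f195fe1120e32b614d74d6aaedb7d",
}
# Copied from the report's Malware Config section.
CONFIG = {"family": "redline", "botnet": "mix31.08", "c2": "185.215.113.15:6043"}

HEX_DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_hashes(hashes):
    """Return the names of digests that are not lowercase hex of the expected length.

    Catches the usual copy/paste damage (truncation, stray whitespace, uppercase
    from another tool) before a digest is pushed to an EDR or proxy blocklist.
    """
    bad = []
    for algo, digest in hashes.items():
        ok = (len(digest) == HEX_DIGEST_LEN[algo]
              and all(c in "0123456789abcdef" for c in digest))
        if not ok:
            bad.append(algo)
    return bad


def parse_c2(endpoint):
    """Split 'ip:port' into (ip, port); raise ValueError on anything malformed."""
    host, sep, port = endpoint.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {endpoint!r}")
    ipaddress.ip_address(host)  # raises ValueError if host is not a literal IP
    port = int(port)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return host, port


def suricata_rule(c2, sid):
    """Render a local Suricata rule for client connections to the extracted C2.

    sid is the caller's choice from the private range (>= 1000000); the
    reference keyword points analysts back at the sample by MD5.
    """
    host, port = parse_c2(c2)
    return (
        f'alert tcp $HOME_NET any -> {host} {port} '
        f'(msg:"LOCAL MALWARE RedLine Stealer C2 (botnet {CONFIG["botnet"]})"; '
        f'flow:to_server,established; '
        f'reference:md5,{SAMPLE_HASHES["md5"]}; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


def blocklist():
    """One line per indicator, in the form most blocklist importers accept."""
    host, port = parse_c2(CONFIG["c2"])
    lines = [f"{algo}:{digest}" for algo, digest in sorted(SAMPLE_HASHES.items())]
    lines.append(f"ip:{host}")
    lines.append(f"socket:{host}:{port}")
    return lines


if __name__ == "__main__":
    assert not validate_hashes(SAMPLE_HASHES), "report hashes are damaged"
    print(suricata_rule(CONFIG["c2"], sid=1000001))  # assumed local sid
    print("\n".join(blocklist()))
```

Note that the rule matches only traffic to the exact IP and port from this config; RedLine operators rotate C2 hosts, so treat it as coverage for this sample, not for the family.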
Targets
-
-
Target
16bc0ed5fd8d300548362cbb64db0beedf38c1fc40c1e14b8bbf596e9766a0ac
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
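The behavioural signatures above (Uninstall-key enumeration, wallet file access, execution of a file the sample itself wrote, and the connection to the extracted C2) are the ones worth re-implementing against your own host telemetry. The following is an added example, not code from the sandbox or from this report: it runs a small rule set over constructed Sysmon-style events. The Uninstall key paths are the real Windows locations; the wallet path fragments are assumed examples of what stealers read and are not listed in the report; the event shape, PIDs and file paths are made up.

```python
"""Classify constructed host events into the behaviours flagged in this report.

Added example. Events and file paths are constructed; the wallet path markers
are assumptions (the report does not name the wallets touched).
"""
from collections import defaultdict

# Real registry locations used to enumerate installed software (32- and 64-bit views).
UNINSTALL_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)

# Assumed wallet locations; extend from your own inventory.
WALLET_MARKERS = (
    r"\Electrum\wallets",
    r"\Exodus\exodus.wallet",
    r"\Ethereum\keystore",
    "wallet.dat",
)

# C2 from the report's extracted config.
KNOWN_C2 = {"185.215.113.15:6043"}

# Constructed events: (pid, event_type, target). Not real telemetry.
EVENTS = [
    (4242, "registry_read", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (4242, "file_read", r"C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet"),
    (4242, "file_write", r"C:\Users\victim\AppData\Local\Temp\update.exe"),
    (4242, "process_create", r"C:\Users\victim\AppData\Local\Temp\update.exe"),
    (4242, "net_connect", "185.215.113.15:6043"),
    (1337, "file_read", r"C:\Users\victim\Documents\notes.txt"),
    (1337, "process_create", r"C:\Windows\System32\notepad.exe"),
]


def classify(events, c2_endpoints=KNOWN_C2):
    """Return {pid: sorted list of matched behaviour labels} for processes that hit any rule.

    'Executes dropped EXE' is stateful: it fires only when a process creates a
    process from a path that the same PID wrote earlier in the stream.
    """
    hits = defaultdict(set)
    dropped = defaultdict(set)  # pid -> lowercase .exe paths it has written
    for pid, kind, target in events:
        low = target.lower()
        if kind == "registry_read" and any(low.startswith(k.lower()) for k in UNINSTALL_KEYS):
            hits[pid].add("Checks installed software on the system")
        elif kind == "file_read" and any(m.lower() in low for m in WALLET_MARKERS):
            hits[pid].add("Accesses cryptocurrency files/wallets")
        elif kind == "file_write" and low.endswith(".exe"):
            dropped[pid].add(low)
        elif kind == "process_create" and low in dropped.get(pid, ()):
            hits[pid].add("Executes dropped EXE")
        elif kind == "net_connect" and target in c2_endpoints:
            hits[pid].add("Connects to extracted RedLine C2")
    return {pid: sorted(labels) for pid, labels in hits.items()}


if __name__ == "__main__":
    for pid, labels in classify(EVENTS).items():
        print(pid, labels)
```

Reading a single Uninstall subkey is normal for installers and inventory agents; in practice you would require the wallet or C2 rule to co-occur before alerting, which the per-PID grouping above makes a one-line check.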