General
Target: a5af4c0075efbcdd95fe57ed0cfcfe62d888b8eb2802088399efeac1c2f135b1
Size: 639KB
Sample: 210831-sk1xvsv8ta
MD5: 6a340352eb300ac800715c877e5d3baa
SHA1: 98742e0cf884761ee4caf3cf75398fe7e24fc3e7
SHA256: a5af4c0075efbcdd95fe57ed0cfcfe62d888b8eb2802088399efeac1c2f135b1
SHA512: 20bad6ad55c125941b4bca5f51c4b46d9d719b2c5982162b6fbaab24a8b744c78d6c6a2349c910f9ab6557f4df6487e6f342feded7bb260bc29442e2852b757f
Static task: static1
Malware Config (extracted)
Family: redline
Botnet: mix31.08
C2: 185.215.113.15:6043
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2