General

Target: 3f1fc413536cd9c161c3d5f8d71c0a1dffa64f760312705c9467f591710c75c7
Size: 663KB
Sample: 210914-16dwfsbdbq
MD5: fa622c0da3074c9f7e5835a56352bbd5
SHA1: fcc22b7caf053a3adc6bdfcb46afb0c164b5393b
SHA256: 3f1fc413536cd9c161c3d5f8d71c0a1dffa64f760312705c9467f591710c75c7
SHA512: b257121b072973c3012005b4207c99083c959cfa0077330d0cf372251506df3b8069e0fe2b6eb931792d8b0454ae9aa00a8177aa73b7b2e2c4c0f8c9d47dfa8e
Static task: static1

Malware Config

Extracted
Family: redline
Botnet: mix15.09
C2: 185.215.113.15:6043

Targets

Target: 3f1fc413536cd9c161c3d5f8d71c0a1dffa64f760312705c9467f591710c75c7 (663KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger

Downloads MZ/PE file

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the HKCU equivalent) to enumerate software on the system.

Legitimate hosting services abused for malware hosting/C2
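The practical use of the Malware Config section above and the hashes under General is hunting: the extracted C2 endpoint (185.215.113.15:6043), the botnet tag (mix15.09) and the file hashes are the indicators a responder would sweep network and endpoint telemetry for. The script below is an added example written for this page, not code from the sandbox or from any RedLine tooling. It loads those indicators, matches them against constructed Zeek conn.log-style connection records and a constructed endpoint file inventory, separates exact host+port hits from host-only leads (the same address on another port may be unrelated hosting on that IP), and emits a Suricata rule for the C2 endpoint. The log lines, hostnames, file paths and the rule's sid are all constructed for the example.

```python
"""Hunt for the indicators extracted in this report (RedLine C2 endpoint,
botnet tag, sample hashes).  Added example; the connection records and file
inventory below are constructed, not captured data."""
import ipaddress

# Indicators copied from the report's Malware Config and General sections.
C2_HOST = "185.215.113.15"
C2_PORT = 6043
BOTNET_TAG = "mix15.09"
SAMPLE_HASHES = {
    "md5": "fa622c0da3074c9f7e5835a56352bbd5",
    "sha1": "fcc22b7caf053a3adc6bdfcb46afb0c164b5393b",
    "sha256": "3f1fc413536cd9c161c3d5f8d71c0a1dffa64f760312705c9467f591710c75c7",
}

# Constructed Zeek conn.log-style records, tab separated:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = """\
1631577600.10\tC1a2b3\t10.0.0.21\t49731\t185.215.113.15\t6043\ttcp
1631577601.55\tC4d5e6\t10.0.0.21\t49732\t93.184.216.34\t443\ttcp
1631577602.00\tC7f8g9\t10.0.0.33\t51000\t185.215.113.15\t80\ttcp
1631577603.30\tC0h1i2\t10.0.0.45\t52100\t185.215.113.15\t6043\ttcp
"""

# Constructed endpoint file inventory: (hostname, path, sha256).
SAMPLE_FILE_INVENTORY = [
    ("WS-021", r"C:\Users\alice\Downloads\setup.exe",
     "3f1fc413536cd9c161c3d5f8d71c0a1dffa64f760312705c9467f591710c75c7"),
    ("WS-033", r"C:\Windows\System32\notepad.exe",
     "0000000000000000000000000000000000000000000000000000000000000000"),
]


def parse_conn_log(text):
    """Yield one dict per well-formed record; malformed lines are skipped, not fatal."""
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        try:
            yield {
                "ts": float(fields[0]), "uid": fields[1],
                "orig_h": fields[2], "orig_p": int(fields[3]),
                "resp_h": fields[4], "resp_p": int(fields[5]),
                "proto": fields[6],
            }
        except ValueError:
            continue


def find_c2_connections(text, host=C2_HOST, port=C2_PORT):
    """Return (exact, host_only): exact = responder matches host AND the C2 port
    from the config; host_only = same address on another port, a weaker lead
    because the IP may also serve unrelated traffic."""
    target = ipaddress.ip_address(host)
    exact, host_only = [], []
    for rec in parse_conn_log(text):
        try:
            resp = ipaddress.ip_address(rec["resp_h"])
        except ValueError:
            continue
        if resp != target:
            continue
        (exact if rec["resp_p"] == port else host_only).append(rec)
    return exact, host_only


def find_known_hashes(inventory, hashes=SAMPLE_HASHES):
    """Return (host, path) pairs whose digest matches any hash of the sample."""
    known = {h.lower() for h in hashes.values()}
    return [(host, path) for host, path, digest in inventory if digest.lower() in known]


def suricata_rule(host=C2_HOST, port=C2_PORT, sid=9000001):
    """Build a Suricata rule for outbound connections to the C2 endpoint.
    sid 9000001 is a hypothetical value in the local-rule range; pick your own."""
    return (f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"RedLine Stealer C2 {host}:{port} botnet {BOTNET_TAG}"; '
            f'flow:to_server,established; classtype:trojan-activity; '
            f'sid:{sid}; rev:1;)')


if __name__ == "__main__":
    exact, leads = find_c2_connections(SAMPLE_CONN_LOG)
    for rec in exact:
        print(f"C2 hit: {rec['orig_h']}:{rec['orig_p']} -> {rec['resp_h']}:{rec['resp_p']} uid={rec['uid']}")
    for rec in leads:
        print(f"host-only lead: {rec['orig_h']} -> {rec['resp_h']}:{rec['resp_p']} uid={rec['uid']}")
    for host, path in find_known_hashes(SAMPLE_FILE_INVENTORY):
        print(f"sample present on {host}: {path}")
    print(suricata_rule())
```

In real use, point find_c2_connections at an actual conn.log export and the hash check at an EDR file inventory; treat host-only leads as pivots to investigate rather than confirmed infections, since the report also flags abuse of legitimate hosting services, so the same address can carry unrelated traffic.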