General

- Target: 0f9b74a12f374bef3a3f26a1eabf2a91d556d0e5b80a2c9d52383806055c3179
- Size: 663KB
- Sample: 210914-zjrncsgcf2
- MD5: 518f8966974a96d4cee2d26b4ac8bf4b
- SHA1: a8b2a2e2efae17c6e6894d88cd40cc1d72633f84
- SHA256: 0f9b74a12f374bef3a3f26a1eabf2a91d556d0e5b80a2c9d52383806055c3179
- SHA512: 826844e8a2582aae70cf694e330467d6fbf7cfe95381d183e1b09c5b64d2cb3f9abdf2e68a46f889746189f20cab16f935a6eda0e7d22be5c6f023b4b70241a6
Static task: static1
Malware Config

Extracted
- Family: redline
- Botnet: mix15.09
- C2: 185.215.113.15:6043
Targets

- Target: 0f9b74a12f374bef3a3f26a1eabf2a91d556d0e5b80a2c9d52383806055c3179
- Size: 663KB
- MD5: 518f8966974a96d4cee2d26b4ac8bf4b
- SHA1: a8b2a2e2efae17c6e6894d88cd40cc1d72633f84
- SHA256: 0f9b74a12f374bef3a3f26a1eabf2a91d556d0e5b80a2c9d52383806055c3179
- SHA512: 826844e8a2582aae70cf694e330467d6fbf7cfe95381d183e1b09c5b64d2cb3f9abdf2e68a46f889746189f20cab16f935a6eda0e7d22be5c6f023b4b70241a6
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Reads Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate the software installed on the system.
- Legitimate hosting services abused for malware hosting/C2
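Detection logic for two of the signatures above (installed-software enumeration through the Uninstall key, and an outbound connection to the extracted C2 185.215.113.15:6043), written as an added example; it is not part of the sandbox report. It assumes a SIEM-normalised feed in which Windows Security event 4663 object-access audits (these only fire once a SACL has been placed on the Uninstall key, because Sysmon does not record registry reads) and Sysmon event 3 network connections share `Image` and `ProcessId` fields. The sample feed, the field names and the enumeration threshold are all constructed assumptions.

```python
"""Detection logic for two of the behaviours listed above, run over a
constructed event feed. Added example; not part of the sandbox report."""
import json
from collections import defaultdict

# Indicators taken from the extracted RedLine config above.
C2_IP = "185.215.113.15"
C2_PORT = 6043

# The installed-software inventory lives under this key; the native and
# WOW6432Node views both contain this path fragment. Registry paths are
# case-insensitive, so matching is done on lower-cased strings.
UNINSTALL_KEY_FRAGMENT = "\\microsoft\\windows\\currentversion\\uninstall\\"

# Distinct Uninstall subkeys one process must read before it counts as
# enumeration; installers and updaters legitimately touch one or two. (Assumed.)
ENUM_THRESHOLD = 3

# Constructed sample feed (not real telemetry). Assumed to be normalised by the
# log pipeline so that every event carries "Image" and "ProcessId". Registry
# reads come from Security event 4663 (object-access audit, which only fires
# if a SACL is set on the key); network connections from Sysmon event 3.
SAMPLE_FEED = r"""
{"source": "sysmon", "EventID": 1, "ProcessId": 4120, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\dropped.exe"}
{"source": "security", "EventID": 4663, "ProcessId": 4120, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\dropped.exe", "ObjectType": "Key", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Discord"}
{"source": "security", "EventID": 4663, "ProcessId": 4120, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\dropped.exe", "ObjectType": "Key", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Exodus"}
{"source": "security", "EventID": 4663, "ProcessId": 4120, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\dropped.exe", "ObjectType": "Key", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{00000000-1111-2222-3333-444444444444}"}
{"source": "security", "EventID": 4663, "ProcessId": 880, "Image": "C:\\Windows\\System32\\msiexec.exe", "ObjectType": "Key", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{55555555-6666-7777-8888-999999999999}"}
{"source": "sysmon", "EventID": 3, "ProcessId": 4120, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\dropped.exe", "DestinationIp": "185.215.113.15", "DestinationPort": 6043}
{"source": "sysmon", "EventID": 3, "ProcessId": 2208, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "DestinationIp": "203.0.113.10", "DestinationPort": 443}
"""


def parse_feed(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events):
    """Return alerts as dicts with rule, image, pid and detail."""
    alerts = []
    uninstall_reads = defaultdict(set)   # (image, pid) -> Uninstall subkeys read
    c2_procs = set()

    for ev in events:
        proc = (ev.get("Image"), ev.get("ProcessId"))
        if (ev.get("source") == "security" and ev.get("EventID") == 4663
                and ev.get("ObjectType") == "Key"):
            name = ev.get("ObjectName", "")
            idx = name.lower().find(UNINSTALL_KEY_FRAGMENT)
            if idx != -1:
                # Record the subkey name so repeated reads of one key count once.
                uninstall_reads[proc].add(name[idx + len(UNINSTALL_KEY_FRAGMENT):])
        elif (ev.get("source") == "sysmon" and ev.get("EventID") == 3
                and ev.get("DestinationIp") == C2_IP
                and int(ev.get("DestinationPort", 0)) == C2_PORT):
            c2_procs.add(proc)
            alerts.append({"rule": "redline_c2_connection", "image": proc[0],
                           "pid": proc[1], "detail": f"{C2_IP}:{C2_PORT}"})

    enumerators = {p for p, keys in uninstall_reads.items()
                   if len(keys) >= ENUM_THRESHOLD}
    for proc in enumerators:
        alerts.append({"rule": "installed_software_enumeration", "image": proc[0],
                       "pid": proc[1],
                       "detail": f"{len(uninstall_reads[proc])} Uninstall subkeys read"})

    # One process doing both is the pattern the report describes: escalate.
    for proc in enumerators & c2_procs:
        alerts.append({"rule": "redline_stealer_behaviour", "image": proc[0],
                       "pid": proc[1],
                       "detail": "software enumeration and C2 contact from one process"})
    return alerts


if __name__ == "__main__":
    for a in detect(parse_feed(SAMPLE_FEED)):
        print(f'{a["rule"]:32} pid={a["pid"]} {a["image"]} ({a["detail"]})')
```

On the constructed feed only `dropped.exe` (pid 4120) is flagged: it reads three distinct Uninstall subkeys and then connects to the C2, so all three rules fire for it; the single Uninstall read by `msiexec.exe` stays under the threshold and the browser's connection to 203.0.113.10:443 does not match the indicator. The threshold is the knob to tune against your own baseline of installer and inventory-agent activity.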