General
- Target: 39c9ac37a1e875ffe53c1ea16649029413fb6ab02e8e490c0a55d51c449a4ca6
- Size: 566KB
- Sample: 210915-fdv9tagff4
- MD5: 39961bf00191c4bfd379f8a38fd6e55f
- SHA1: 0b1cbe2d99217b01d90a3912164f35e1bc988146
- SHA256: 39c9ac37a1e875ffe53c1ea16649029413fb6ab02e8e490c0a55d51c449a4ca6
- SHA512: 5d4c89f17cfb86f2d4fbe9d0bdb4648fb3dfe770763f60d39332002d0e0da01e2fe359556f23f2260cbbe233248d8cf204346cb0a6f41644d1adaa02fb33890b
Static task
- static1

Malware Config
Extracted
- redline
- mix15.09
- 185.215.113.15:6043
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2