General
Target: 85a01a0d49ef6b60b67b248df43fde4ed63ee09c628d3c2fac6a1e316f719636
Size: 565KB
Sample: 210915-g11y9ahhg9
MD5: 24ca72c282b3722283c5038d5bd3a4c7
SHA1: 8a0c82448975295b095ffc66d7380f967b784c7b
SHA256: 85a01a0d49ef6b60b67b248df43fde4ed63ee09c628d3c2fac6a1e316f719636
SHA512: 5f6c6a80e93760a268dc5a00b64c5a7a9dd3dfa9c42055df3ba34408d0305cab06d614cb4972741468c58d89e6ce02a21da035107c5fe96bb9fa3ed5549de91c
Static task
static1
Malware Config
Extracted
Family: redline
Botnet: mix15.09
C2: 185.215.113.15:6043
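The extracted configuration above is directly actionable. As an added example that is not part of this report, the following Python script turns the reported file hashes and the C2 socket into a sweep over log lines. The log formats (a "timestamp src_ip dst_ip dst_port" connection log and a "path hash" file-hash log) are assumptions made for the example, and the sample lines are constructed.

```python
"""IOC sweep built from the indicators this report extracted.

Added example, not part of the sandbox report. Both log formats are
assumptions: a connection log with "timestamp src_ip dst_ip dst_port"
fields and a file-hash log with "path hash" fields. The sample lines at
the bottom are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Indicators as stated in the report.
C2_HOST = "185.215.113.15"
C2_PORT = 6043
SAMPLE_HASHES = {
    "md5": "24ca72c282b3722283c5038d5bd3a4c7",
    "sha1": "8a0c82448975295b095ffc66d7380f967b784c7b",
    "sha256": "85a01a0d49ef6b60b67b248df43fde4ed63ee09c628d3c2fac6a1e316f719636",
}
# md5, sha1 and sha256 have distinct hex lengths, so length picks the digest type.
HASH_BY_LENGTH = {len(v): (k, v) for k, v in SAMPLE_HASHES.items()}


@dataclass(frozen=True)
class Hit:
    kind: str   # "c2", "c2-host" or "hash"
    line: str
    note: str


def match_connection(line):
    """Flag traffic to the extracted C2. An exact host:port match is high
    confidence; the same host on another port is still worth triage, since
    stealer panels often expose more than one service on the same box."""
    parts = line.split()
    if len(parts) < 4:
        return None
    ts, src, dst, port = parts[:4]
    try:
        ipaddress.ip_address(dst)
        port = int(port)
    except ValueError:
        return None
    if dst != C2_HOST:
        return None
    if port == C2_PORT:
        return Hit("c2", line, f"{ts}: {src} -> RedLine C2 {dst}:{port}")
    return Hit("c2-host", line, f"{ts}: {src} -> C2 host {dst} on unexpected port {port}")


def match_hash(line):
    """Flag a file whose digest matches the sample. The digest type is
    inferred from its length, and matching is case-insensitive because
    tools disagree on hex case. Paths may contain spaces."""
    parts = line.rsplit(None, 1)
    if len(parts) != 2:
        return None
    path, digest = parts
    digest = digest.lower()
    expected = HASH_BY_LENGTH.get(len(digest))
    if expected and digest == expected[1]:
        return Hit("hash", line, f"{path} matches sample {expected[0]}")
    return None


def sweep(conn_lines, hash_lines):
    """Run both matchers and return the hits in log order."""
    hits = []
    for line in conn_lines:
        hit = match_connection(line)
        if hit:
            hits.append(hit)
    for line in hash_lines:
        hit = match_hash(line)
        if hit:
            hits.append(hit)
    return hits


# Constructed sample logs: the second connection line and the first hash
# line are the planted positives; 203.0.113.0/24 is a documentation range.
SAMPLE_CONN_LOG = [
    "2021-09-15T10:00:01Z 10.0.0.5 203.0.113.10 443",
    "2021-09-15T10:00:09Z 10.0.0.5 185.215.113.15 6043",
    "2021-09-15T10:01:30Z 10.0.0.7 185.215.113.15 80",
]
SAMPLE_HASH_LOG = [
    "C:\\Users\\u\\Downloads\\setup.exe " + SAMPLE_HASHES["sha256"].upper(),
    "C:\\Windows\\notepad.exe " + "ab" * 32,
]

if __name__ == "__main__":
    for hit in sweep(SAMPLE_CONN_LOG, SAMPLE_HASH_LOG):
        print(f"[{hit.kind}] {hit.note}")
```

Run as-is to see the planted hits. A connection to the C2 host on a port other than 6043 is reported under its own kind because stealer panels commonly expose more than one port on the same host; treat it as a lead, not a verdict.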
Targets
Target: 85a01a0d49ef6b60b67b248df43fde4ed63ee09c628d3c2fac6a1e316f719636 (565KB; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
- RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node view and the HKCU counterpart) to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
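The "Checks installed software on the system" signature describes reads of the Uninstall key. As an added example (not the report's or the sandbox's own detection logic), the following Python script flags processes that read many distinct Uninstall subkeys in a registry access trace. The CSV layout is an assumption modelled on a Process Monitor export with an extra "Image Path" column added for the example, and the trace lines are constructed; the Uninstall key paths and the Process Monitor operation names are real.

```python
"""Detect registry-based software enumeration of the kind this report flags.

Added example, not part of the sandbox report. Input format is an
assumption: a CSV laid out like a Process Monitor export (Process Name,
PID, Operation, Path, Result) with one extra "Image Path" column. The
trace at the bottom is constructed.
"""
import csv
import io
import re
from collections import defaultdict

# HKLM and HKCU Uninstall keys, including the 32-bit view on 64-bit Windows.
# Group 1 captures the per-application subkey name.
UNINSTALL_SUBKEY_RE = re.compile(
    r"^HK(?:LM|CU)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)
# Read-style registry operations as Process Monitor names them.
REG_READ_OPS = {"RegOpenKey", "RegEnumKey", "RegQueryValue", "RegQueryKey"}
# Images running from user-writable locations are the usual stealer drop sites.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Downloads|Users\\Public)\\", re.IGNORECASE)


def parse_trace(text):
    """Parse the CSV trace into row dicts keyed by column header."""
    return list(csv.DictReader(io.StringIO(text)))


def uninstall_enumerators(rows, min_subkeys=3):
    """Return one finding per process that read at least min_subkeys distinct
    Uninstall subkeys. Legitimate installers and inventory agents read these
    keys too, so each finding carries the image path and a user-writable
    flag for triage rather than being a verdict on its own."""
    subkeys = defaultdict(set)   # (process, pid) -> distinct subkey names
    images = {}
    for row in rows:
        if row["Operation"] not in REG_READ_OPS:
            continue
        m = UNINSTALL_SUBKEY_RE.match(row["Path"])
        if not m:
            continue
        key = (row["Process Name"], row["PID"])
        subkeys[key].add(m.group(1).lower())
        images[key] = row["Image Path"]
    findings = []
    for (process, pid), names in sorted(subkeys.items()):
        if len(names) < min_subkeys:
            continue
        image = images[(process, pid)]
        findings.append({
            "process": process,
            "pid": pid,
            "image": image,
            "subkeys": len(names),
            "user_writable_image": bool(USER_WRITABLE_RE.search(image)),
        })
    return findings


# Constructed trace: build.exe walks four applications (one under WOW6432Node),
# msiexec.exe reads a single product key, svchost.exe touches an unrelated key.
# The GUID is made up.
SAMPLE_TRACE = r"""Time of Day,Process Name,PID,Image Path,Operation,Path,Result
10:00:01.001,build.exe,4120,C:\Users\u\AppData\Local\Temp\build.exe,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
10:00:01.002,build.exe,4120,C:\Users\u\AppData\Local\Temp\build.exe,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
10:00:01.003,build.exe,4120,C:\Users\u\AppData\Local\Temp\build.exe,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName,SUCCESS
10:00:01.004,build.exe,4120,C:\Users\u\AppData\Local\Temp\build.exe,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayVersion,SUCCESS
10:00:01.005,build.exe,4120,C:\Users\u\AppData\Local\Temp\build.exe,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName,SUCCESS
10:00:01.006,build.exe,4120,C:\Users\u\AppData\Local\Temp\build.exe,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-1111-2222-3333-444444444444}\DisplayName,SUCCESS
10:00:01.007,build.exe,4120,C:\Users\u\AppData\Local\Temp\build.exe,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayName,SUCCESS
10:02:00.000,msiexec.exe,900,C:\Windows\System32\msiexec.exe,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-1111-2222-3333-444444444444}\DisplayName,SUCCESS
10:03:00.000,svchost.exe,1200,C:\Windows\System32\svchost.exe,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive,SUCCESS
"""

if __name__ == "__main__":
    for finding in uninstall_enumerators(parse_trace(SAMPLE_TRACE)):
        print(finding)
```

Distinct subkeys are counted rather than raw reads, so an installer that queries several values of its own product key does not trip the threshold, while a stealer that walks every installed application does. Tune min_subkeys and add an allowlist of known inventory and installer images before relying on this in production.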