General
Target: f7c90944bd6b0da2e79fb349da368ae3ef38520b43933427bf4ff64f0adf74f9
Size: 565KB
Sample: 210915-g4zwcsdadp
MD5: b4858160f2f4f0f897b683f46eb66596
SHA1: 005bbdf184395a5f1229ee71bb7478be4a78941e
SHA256: f7c90944bd6b0da2e79fb349da368ae3ef38520b43933427bf4ff64f0adf74f9
SHA512: 9604bc91f55678deeb7aca8b4bb3572dca705d02e8bca9b8f17ca1b21d6cdeab93a2bd88e450fa220241ede2579abcbddb7e8e94c3431096e9e223a6829db7ee
Static task: static1
Malware Config
Extracted: redline
15.09
185.215.113.17:48236
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
Downloads MZ/PE file
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2