General
- Target: 026133294a3770ce340f43ddf66f7afd0fae4954084125dc68fd7d35f8a29c6e
- Size: 569KB
- Sample: 210915-jmng4sabc5
- MD5: a6f168ef74b18b4b174cf58ea8d1d669
- SHA1: 8179ba6ab2af18ca81c37b791ebd10e3c3f51747
- SHA256: 026133294a3770ce340f43ddf66f7afd0fae4954084125dc68fd7d35f8a29c6e
- SHA512: 5ca2e9e02983a7f1408f12876253735f22f3a334edbe0cb1b708ee24f0f5c79853e4c86de7e95d346e5fd9d134664c3cd98ad0a61a036f9fc0a69ff5958241bd
Static task
- static1

Malware Config
Extracted
- Family: redline
- Botnet: mix15.09
- C2: 185.215.113.15:6043
Targets
- Target: 026133294a3770ce340f43ddf66f7afd0fae4954084125dc68fd7d35f8a29c6e
- Size: 569KB
- MD5: a6f168ef74b18b4b174cf58ea8d1d669
- SHA1: 8179ba6ab2af18ca81c37b791ebd10e3c3f51747
- SHA256: 026133294a3770ce340f43ddf66f7afd0fae4954084125dc68fd7d35f8a29c6e
- SHA512: 5ca2e9e02983a7f1408f12876253735f22f3a334edbe0cb1b708ee24f0f5c79853e4c86de7e95d346e5fd9d134664c3cd98ad0a61a036f9fc0a69ff5958241bd
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2