General

Target: e038683c8da13045170e975ba0163abe39c8bb260cf92c2493acb1545eb391d0
Size: 565KB
Sample: 210915-k4c85sddfn
MD5: 46ffbd657e8fb12238c3627706915167
SHA1: 3c2f342b388c9cd3dbe769808360168ceb25f4ff
SHA256: e038683c8da13045170e975ba0163abe39c8bb260cf92c2493acb1545eb391d0
SHA512: 4279965054814cfd3be0757ced7c5151cf16a873ceda4094e0d5e4d1722a3370865b1ea533102261fa59328a4b3a2731a2e54d9a8f08420c279f8c18b59d3835
Static task: static1

Malware Config
Extracted from the sample:
Family: redline
Botnet ID: mix15.09
C2: 185.215.113.15:6043 (TCP)
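The hashes in General and the extracted C2 above are the report's actionable indicators. The following is an added example, not code from the sandbox report or from RedLine itself, showing how a practitioner turns them into detection artifacts: it validates the C2 socket before it reaches a rule file, emits a Suricata rule for outbound connections to it, and hashes a file with the same four algorithms so a candidate binary can be checked against the sample. The indicator values are copied from this page; the rule text, the `sid` in the local-use range and the helper names are this example's own choices.

```python
"""Detection artifacts built from the indicators in the sandbox report above."""
import hashlib
import ipaddress
from dataclasses import dataclass

# Indicator values copied from the report (General and Malware Config).
SAMPLE_HASHES = {
    "md5": "46ffbd657e8fb12238c3627706915167",
    "sha1": "3c2f342b388c9cd3dbe769808360168ceb25f4ff",
    "sha256": "e038683c8da13045170e975ba0163abe39c8bb260cf92c2493acb1545eb391d0",
    "sha512": (
        "4279965054814cfd3be0757ced7c5151cf16a873ceda4094e0d5e4d1722a3370"
        "865b1ea533102261fa59328a4b3a2731a2e54d9a8f08420c279f8c18b59d3835"
    ),
}
REDLINE_C2 = "185.215.113.15:6043"
BOTNET_ID = "mix15.09"

# Expected hex-digest lengths; used to catch truncated or mistyped indicators.
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


@dataclass(frozen=True)
class C2Endpoint:
    ip: str
    port: int


def parse_c2(endpoint: str) -> C2Endpoint:
    """Parse 'ip:port' from an extracted config; raise ValueError on anything odd."""
    host, sep, port_text = endpoint.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {endpoint!r}")
    ip = ipaddress.ip_address(host)  # ValueError for hostnames or garbage
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return C2Endpoint(str(ip), port)


def is_valid_c2(endpoint: str) -> bool:
    """Boolean wrapper so a feed loader can skip malformed entries."""
    try:
        parse_c2(endpoint)
    except ValueError:
        return False
    return True


def indicators_valid() -> bool:
    """Every hash must be lowercase hex of the length its algorithm produces."""
    for alg, digest in SAMPLE_HASHES.items():
        if len(digest) != DIGEST_LEN[alg] or digest != digest.lower():
            return False
        int(digest, 16)  # ValueError if any character is not hex
    return True


def suricata_rule(endpoint: str, sid: int, botnet: str) -> str:
    """Alert on any outbound TCP traffic from the protected network to the C2 socket.

    sid is chosen locally; 1000000-1999999 is the range reserved for local rules.
    """
    c2 = parse_c2(endpoint)
    return (
        f"alert tcp $HOME_NET any -> {c2.ip} {c2.port} "
        f'(msg:"LOCAL RedLine Stealer C2 connection (botnet {botnet})"; '
        f"flow:to_server; classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


def hash_matches(data: bytes) -> dict:
    """Hash a file's bytes with each algorithm in the report; True where it matches."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }
    return {alg: digests[alg] == SAMPLE_HASHES[alg] for alg in SAMPLE_HASHES}


if __name__ == "__main__":
    print(suricata_rule(REDLINE_C2, 1000001, BOTNET_ID))
    # Constructed input, not the sample: every algorithm should report False.
    print(hash_matches(b"constructed bytes, not the sample"))
```

Hashing is exact-match only: a repacked or re-obfuscated build of the same RedLine campaign will miss every entry, so the C2 socket and botnet ID are the indicators that survive longer. Check that the IP is not a shared hosting or CDN address before blocking it outright.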
Targets

Target: e038683c8da13045170e975ba0163abe39c8bb260cf92c2493acb1545eb391d0
Size: 565KB
MD5, SHA1, SHA256 and SHA512: identical to the values listed under General above (the task analysed the submitted file itself).
RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It harvests browser credentials and cookies, cryptocurrency wallets and other local secrets and sends them to the C2 endpoint carried in its configuration (here 185.215.113.15:6043, botnet ID mix15.09).

Signatures
- RedLine Payload: the RedLine stealer payload was identified in the sample.
- suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger. This network alert fires on the downloader stage's check-in to IPLogger, a legitimate link-tracking service, not on the RedLine C2 traffic itself; the C2 socket is the one in the extracted config.
- Downloads MZ/PE file: an executable was fetched over the network.
- Executes dropped EXE: the downloaded executable was launched.
- Accesses cryptocurrency files/wallets, possible credential harvesting.
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM and HKCU SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, including the Wow6432Node view) to enumerate installed software.
- Legitimate hosting services abused for malware hosting/C2.