General
-
Target
mixshop_20210915-111550
-
Size
565KB
-
Sample
210915-k9y3ssadc3
-
MD5
9b4c3436b6e423cd2eac7f46334e3c42
-
SHA1
5c0f4908151485836d1ee0a37de0a4d0bdc5e7ad
-
SHA256
bb87736688bfd47f88cadfb17adede8c4c2acb585fca0b09cef9353970f9c494
-
SHA512
600ec358bc68be84faeac1a5dd4439a38f710aaf791c000c398ada8ec93d435bab6c57b8fe2fbc26b3fe2a434394f8747b24caada12441f8a9137c49c7b5200b
Malware Config
Extracted
redline
mix15.09
185.215.113.15:6043
Targets
-
-
Target
mixshop_20210915-111550
-
Size
565KB
-
MD5
9b4c3436b6e423cd2eac7f46334e3c42
-
SHA1
5c0f4908151485836d1ee0a37de0a4d0bdc5e7ad
-
SHA256
bb87736688bfd47f88cadfb17adede8c4c2acb585fca0b09cef9353970f9c494
-
SHA512
600ec358bc68be84faeac1a5dd4439a38f710aaf791c000c398ada8ec93d435bab6c57b8fe2fbc26b3fe2a434394f8747b24caada12441f8a9137c49c7b5200b
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-