General
-
Target
bebe442625b617199a99f13540f137dbd9ee63f1ff70adf9b5464c808d342e30
-
Size
560KB
-
Sample
210915-ppzwtaafe5
-
MD5
e5d3630e0cdff565691245215cf6540f
-
SHA1
4f3139a1d07509f3cade03655bc08344bc34c79f
-
SHA256
bebe442625b617199a99f13540f137dbd9ee63f1ff70adf9b5464c808d342e30
-
SHA512
00ec20aa89ad6c30b9c6224b2d7de6f2673e5a7bc0d56f887c1d2123ab9faa153afbdb1080072831b3c83414f49fb5348db6951f64077ecb87cda3b64dfa2140
Static task
static1
Malware Config
Extracted
redline
mix15.09
185.215.113.15:6043
Targets
-
-
Target
bebe442625b617199a99f13540f137dbd9ee63f1ff70adf9b5464c808d342e30
-
Size
560KB
-
MD5
e5d3630e0cdff565691245215cf6540f
-
SHA1
4f3139a1d07509f3cade03655bc08344bc34c79f
-
SHA256
bebe442625b617199a99f13540f137dbd9ee63f1ff70adf9b5464c808d342e30
-
SHA512
00ec20aa89ad6c30b9c6224b2d7de6f2673e5a7bc0d56f887c1d2123ab9faa153afbdb1080072831b3c83414f49fb5348db6951f64077ecb87cda3b64dfa2140
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-