General
Target: b1cb3008188fa6322b1c6a1112b12f6779a83f9c358c5c5c768d670145de952a
Size: 561KB
Sample: 210915-r9742aahb4
MD5: 629ec898829a07bbd7c57b470f841766
SHA1: 5eb4457f3ee4ad3fa361271e5996d5787ec9c7b8
SHA256: b1cb3008188fa6322b1c6a1112b12f6779a83f9c358c5c5c768d670145de952a
SHA512: 60dddbb363442c0896df2ca610b32c08d8d8e042aee01b25cb4f6b6d5b98ed49c308a101c56c88a0c4a8f53291cf8528e319a5d80b64615edcc3148894809655

Static task
static1

Malware Config
Extracted
- redline
- mix15.09
- 185.215.113.15:6043

Targets
Target: b1cb3008188fa6322b1c6a1112b12f6779a83f9c358c5c5c768d670145de952a
Size: 561KB
MD5: 629ec898829a07bbd7c57b470f841766
SHA1: 5eb4457f3ee4ad3fa361271e5996d5787ec9c7b8
SHA256: b1cb3008188fa6322b1c6a1112b12f6779a83f9c358c5c5c768d670145de952a
SHA512: 60dddbb363442c0896df2ca610b32c08d8d8e042aee01b25cb4f6b6d5b98ed49c308a101c56c88a0c4a8f53291cf8528e319a5d80b64615edcc3148894809655

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2