General
-
Target
e9a953da28b8b7e3b34570e08c93a8e911b23574a7e997cb384ee335e179c574
-
Size
561KB
-
Sample
210915-rbbyyadgfr
-
MD5
ea26fcc957f59d7fa054dc9b13a744b9
-
SHA1
aa8ea550dbdaa01d9f0091833fdf4c813e7e223e
-
SHA256
e9a953da28b8b7e3b34570e08c93a8e911b23574a7e997cb384ee335e179c574
-
SHA512
2a068807b9a74d560bfcb2658d297c2d32c14e913196612d6169e0f48e53ae994d1e618dfecc74a64a14e556f7316587b280b7e46241e25c2be7ca0038abd2fc
Static task
static1
Malware Config
Extracted
Family: redline
Botnet: mix15.09
C2: 185.215.113.15:6043
Targets
-
Target
e9a953da28b8b7e3b34570e08c93a8e911b23574a7e997cb384ee335e179c574
-
Size
561KB
-
MD5
ea26fcc957f59d7fa054dc9b13a744b9
-
SHA1
aa8ea550dbdaa01d9f0091833fdf4c813e7e223e
-
SHA256
e9a953da28b8b7e3b34570e08c93a8e911b23574a7e997cb384ee335e179c574
-
SHA512
2a068807b9a74d560bfcb2658d297c2d32c14e913196612d6169e0f48e53ae994d1e618dfecc74a64a14e556f7316587b280b7e46241e25c2be7ca0038abd2fc
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
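The indicators this report exposes (file hashes, the extracted C2 endpoint, and the Uninstall-key enumeration behaviour) can be turned into a host-side hunt. The script below is an added example, not part of the sandbox report or of any vendor's tooling: it correlates those indicators per process over a few constructed EDR-style JSON events (the event schema, the process IDs, the msiexec placeholder hash and the scoring weights are all assumptions made for illustration). Uninstall-key reads are deliberately weighted low, because installers and inventory agents do that legitimately; they only raise an alert together with a hash or C2 hit.

```python
import json
from collections import defaultdict

# Indicators copied from the report above (the only real IOCs in this example).
C2_IP, C2_PORT = "185.215.113.15", 6043
SAMPLE_HASHES = {
    "md5": "ea26fcc957f59d7fa054dc9b13a744b9",
    "sha1": "aa8ea550dbdaa01d9f0091833fdf4c813e7e223e",
    "sha256": "e9a953da28b8b7e3b34570e08c93a8e911b23574a7e997cb384ee335e179c574",
}
UNINSTALL_KEY = r"software\microsoft\windows\currentversion\uninstall"

# Assumed weights: a hash or C2 hit is conclusive on its own; Uninstall-key
# enumeration is normal for installers and only counts alongside another hit.
WEIGHTS = {"hash_match": 100, "c2_connection": 100, "uninstall_enum": 10}
ALERT_THRESHOLD = 100

# Constructed EDR-style telemetry (JSON lines), invented for this example.
# The field names are generic and the msiexec hash is an all-zero placeholder.
SAMPLE_EVENTS = r"""
{"type": "process", "pid": 4120, "image": "C:\\Users\\u\\Downloads\\setup.exe", "sha256": "e9a953da28b8b7e3b34570e08c93a8e911b23574a7e997cb384ee335e179c574"}
{"type": "registry_read", "pid": 4120, "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"}
{"type": "registry_read", "pid": 4120, "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome"}
{"type": "network", "pid": 4120, "dst_ip": "185.215.113.15", "dst_port": 6043, "proto": "tcp"}
{"type": "process", "pid": 5200, "image": "C:\\Windows\\System32\\msiexec.exe", "sha256": "0000000000000000000000000000000000000000000000000000000000000000"}
{"type": "registry_read", "pid": 5200, "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"}
{"type": "network", "pid": 6001, "dst_ip": "142.250.74.46", "dst_port": 443, "proto": "tcp"}
"""


def parse_events(text):
    """Parse JSON-lines telemetry, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def match_indicators(event):
    """Return the names of the report indicators a single event triggers."""
    hits = []
    if event["type"] == "process":
        # Compare whichever hash algorithms the event carries against the sample.
        if any(event.get(alg, "").lower() == h for alg, h in SAMPLE_HASHES.items()):
            hits.append("hash_match")
    elif event["type"] == "network":
        if event.get("dst_ip") == C2_IP and event.get("dst_port") == C2_PORT:
            hits.append("c2_connection")
    elif event["type"] == "registry_read":
        # Case-insensitive substring match so any hive prefix and subkey is accepted.
        if UNINSTALL_KEY in event.get("key", "").lower():
            hits.append("uninstall_enum")
    return hits


def hunt(events):
    """Correlate indicators per process; return alerts at or above the threshold."""
    per_pid = defaultdict(lambda: {"image": None, "indicators": set(), "uninstall_keys": 0})
    for ev in events:
        rec = per_pid[ev["pid"]]
        if ev["type"] == "process":
            rec["image"] = ev.get("image")
        for hit in match_indicators(ev):
            rec["indicators"].add(hit)
            if hit == "uninstall_enum":
                rec["uninstall_keys"] += 1
    alerts = []
    for pid, rec in per_pid.items():
        score = sum(WEIGHTS[i] for i in rec["indicators"])
        if score >= ALERT_THRESHOLD:
            alerts.append({
                "pid": pid,
                "image": rec["image"],
                "score": score,
                "indicators": sorted(rec["indicators"]),
                "uninstall_keys_read": rec["uninstall_keys"],
            })
    return sorted(alerts, key=lambda a: -a["score"])


def run():
    """Run the hunt over the constructed sample telemetry."""
    return hunt(parse_events(SAMPLE_EVENTS))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Running it flags only the setup.exe process (hash match, C2 connection to 185.215.113.15:6043, and two Uninstall subkeys read); the msiexec process that reads the same Uninstall key without any other indicator stays below the threshold, which is the behaviour you want from a rule built on a signature as generic as "checks installed software".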