General
-
Target
a305bdda8ac263de0ffd3063265ebf112749b9c57e2f88434c63a6511f10c380
-
Size
533KB
-
Sample
210926-2f6zzsfcgl
-
MD5
831ca5fc3856855a593810e3ba542ae7
-
SHA1
7eec6bb43bea39c4383830a6245c359feab7bcc7
-
SHA256
a305bdda8ac263de0ffd3063265ebf112749b9c57e2f88434c63a6511f10c380
-
SHA512
6ac935584e73b248cbe475b26a5e6b2b2d382f58cd72d0e53d745de5369f9a78df197282b844acec84fb2c6cdd19c5c4831f5a7c032a320c16cb70194a2df90c
Static task
static1
Malware Config
Extracted
redline
mix27.09
185.215.113.15:6043
Targets
-
-
Target
a305bdda8ac263de0ffd3063265ebf112749b9c57e2f88434c63a6511f10c380
-
Size
533KB
-
MD5
831ca5fc3856855a593810e3ba542ae7
-
SHA1
7eec6bb43bea39c4383830a6245c359feab7bcc7
-
SHA256
a305bdda8ac263de0ffd3063265ebf112749b9c57e2f88434c63a6511f10c380
-
SHA512
6ac935584e73b248cbe475b26a5e6b2b2d382f58cd72d0e53d745de5369f9a78df197282b844acec84fb2c6cdd19c5c4831f5a7c032a320c16cb70194a2df90c
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-