General
-
Target
74c0a7f3a1899c06378227127cc61652ca0fbf3c0c35b03c254810cb34944d40
-
Size
661KB
-
Sample
211015-qsgebabfgr
-
MD5
73332d46ded7f203dd39049dd55a69ed
-
SHA1
1e88f93af451aa0510cb32991046f3dc714e885d
-
SHA256
74c0a7f3a1899c06378227127cc61652ca0fbf3c0c35b03c254810cb34944d40
-
SHA512
5240cdb5bf69b543e4b9826110dd099e82b043fcab26efd7b2944018eb84c06dd4b4c86686f110c66b6308e1d5e10ea805de1a5e43a7b7fa0aac87c81a74a7d7
Static task
static1
Malware Config
Extracted
redline
mix15.10
185.215.113.15:57055
Targets
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2