General
Target: 43b802ff6a2751b2c83d028a825c91b46d414eea21e18e9b91fface5f129ae43
Size: 661KB
Sample: 211015-rbp6kabgbn
MD5: bbd83b469f85327a9ef00e65c9bade61
SHA1: 10b09017964422f706e5bff5b7c903590138d34f
SHA256: 43b802ff6a2751b2c83d028a825c91b46d414eea21e18e9b91fface5f129ae43
SHA512: 46440dab2d5a55b65a0510c593aaf6c98941fd69fab4561b24ac855b43e69431823d19b8815fc5729e5c3d697b8425aa4946703d400f046aa2e277b3d22e8454
Static task: static1

Malware Config
Extracted family: redline
Botnet: mix15.10
C2: 185.215.113.15:57055
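The extracted C2 endpoint and the sample hashes are the actionable indicators in this report. The Python below is an added example, not part of the sandbox output: it matches those indicators against Zeek-style conn.log and files.log excerpts. The log lines are constructed for illustration, and the column subset and helper names are assumptions made here.

```python
"""Hunt for this report's indicators in Zeek-style logs.

Added example, not part of the sandbox report. The conn.log and files.log
excerpts below are constructed; the indicator values are the ones the report
lists (C2 185.215.113.15:57055 and the sample's MD5/SHA1/SHA256).
"""
from __future__ import annotations

import hashlib
from pathlib import Path

# Indicators copied from the report.
C2_HOST = "185.215.113.15"
C2_PORT = 57055
SAMPLE_HASHES = {
    "md5": "bbd83b469f85327a9ef00e65c9bade61",
    "sha1": "10b09017964422f706e5bff5b7c903590138d34f",
    "sha256": "43b802ff6a2751b2c83d028a825c91b46d414eea21e18e9b91fface5f129ae43",
}

# Column subset of Zeek's conn.log and files.log used by the constructed excerpts
# (tab separated; "#" lines are comments, as in real Zeek output).
CONN_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto"]
FILES_FIELDS = ["fuid", "tx_hosts", "md5", "sha1", "sha256"]

# Constructed conn.log excerpt: two flows to the C2 port, one to the C2 host on
# another port, one unrelated HTTPS flow.
CONN_LOG = """\
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
1634280001.101\tCg7kDn3\t10.0.0.12\t49711\t185.215.113.15\t57055\ttcp
1634280002.220\tCd9a1Q2\t10.0.0.12\t49712\t142.250.74.78\t443\ttcp
1634280003.330\tCk3mB44\t10.0.0.17\t51202\t185.215.113.15\t80\ttcp
1634280004.440\tCx8zR91\t10.0.0.21\t53001\t185.215.113.15\t57055\ttcp
"""

# Constructed files.log excerpt: the reported sample, then an empty file.
FILES_LOG = """\
#fields fuid tx_hosts md5 sha1 sha256
FaBc12\t10.0.0.12\tbbd83b469f85327a9ef00e65c9bade61\t10b09017964422f706e5bff5b7c903590138d34f\t43b802ff6a2751b2c83d028a825c91b46d414eea21e18e9b91fface5f129ae43
FdEf34\t10.0.0.17\td41d8cd98f00b204e9800998ecf8427e\tda39a3ee5e6b4b0d3255bfef95601890afd80709\te3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""


def parse_log(text: str, fields: list[str]) -> list[dict[str, str]]:
    """Split a tab-separated Zeek-style excerpt into dicts keyed by field name."""
    rows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        values = line.split("\t")
        if len(values) != len(fields):
            continue  # malformed line: skip it rather than misalign the columns
        rows.append(dict(zip(fields, values)))
    return rows


def find_c2_connections(conn_log: str, host: str = C2_HOST, port: int = C2_PORT) -> dict[str, list[str]]:
    """Return connection UIDs that reach the extracted C2.

    Host *and* port matching is the strong signal. Flows to the same host on a
    different port are returned separately: on shared hosting they may be
    unrelated, so they are worth triage but not an outright alert.
    """
    strong, weak = [], []
    for row in parse_log(conn_log, CONN_FIELDS):
        if row["id.resp_h"] != host:
            continue
        if int(row["id.resp_p"]) == port:
            strong.append(row["uid"])
        else:
            weak.append(row["uid"])
    return {"c2": strong, "same_host_other_port": weak}


def find_known_sample(files_log: str, hashes: dict[str, str] = SAMPLE_HASHES) -> list[tuple[str, str, list[str]]]:
    """Return (fuid, tx_host, matched_algorithms) for files whose digest matches the sample."""
    hits = []
    for row in parse_log(files_log, FILES_FIELDS):
        matched = [alg for alg in ("sha256", "sha1", "md5") if row[alg].lower() == hashes[alg]]
        if matched:
            hits.append((row["fuid"], row["tx_hosts"], matched))
    return hits


def hash_bytes(data: bytes) -> dict[str, str]:
    """Compute the same three digests the report lists, for checking a file on disk."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def is_known_sample(path: str | Path, hashes: dict[str, str] = SAMPLE_HASHES) -> bool:
    """True if the file at `path` is the reported sample (any one digest matching is enough)."""
    digests = hash_bytes(Path(path).read_bytes())
    return any(digests[alg] == hashes[alg] for alg in hashes)


if __name__ == "__main__":
    print("C2 connections:", find_c2_connections(CONN_LOG))
    print("Known sample in files.log:", find_known_sample(FILES_LOG))
```

Matching on SHA256 alone would suffice for the file check; MD5 and SHA1 are kept only because older feeds and some EDR consoles still key on them.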
Targets
Target: 43b802ff6a2751b2c83d028a825c91b46d414eea21e18e9b91fface5f129ae43 (661KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
RedLine
RedLine Stealer is an information stealer written in C# that harvests browser credentials, cookies and cryptocurrency wallet data; it first appeared in early 2020.

- RedLine Payload
- suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Legitimate hosting services abused for malware hosting/C2