General
-
Target
35314d79407067b199d16a17f3e7608c68364c4d4b4098565c5c4133b9b8eddc
-
Size
662KB
-
Sample
211015-tp8wyabhaq
-
MD5
7931cbb6a28cbbc550fbb81e88c7314c
-
SHA1
2e73db1f0fe17165db02c9a30a0ca249dca90a5e
-
SHA256
35314d79407067b199d16a17f3e7608c68364c4d4b4098565c5c4133b9b8eddc
-
SHA512
f003bb89458e0a313fd533afb8f7a5868909dbff024d1b28336e120bbff824f820c9bfd2ee651c5a94b45e849e4b8dc0836fa5bc56452a267bcd112462a576ee
Static task
static1
Malware Config
Extracted
redline
mix15.10
185.215.113.15:57055
Targets
-
-
Target
35314d79407067b199d16a17f3e7608c68364c4d4b4098565c5c4133b9b8eddc
-
Size
662KB
-
MD5
7931cbb6a28cbbc550fbb81e88c7314c
-
SHA1
2e73db1f0fe17165db02c9a30a0ca249dca90a5e
-
SHA256
35314d79407067b199d16a17f3e7608c68364c4d4b4098565c5c4133b9b8eddc
-
SHA512
f003bb89458e0a313fd533afb8f7a5868909dbff024d1b28336e120bbff824f820c9bfd2ee651c5a94b45e849e4b8dc0836fa5bc56452a267bcd112462a576ee
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-