General
- Target: 75d4d1127a2b0a648cd8d58a89180aa7cabb59e3253b3429a68dfd1154f4e211
- Size: 665KB
- Sample: 211015-xnzhnacahn
- MD5: 851903971adf97fdaaaecbb1ad248fc0
- SHA1: a270fd4494021d176414cb915d62c860777407e7
- SHA256: 75d4d1127a2b0a648cd8d58a89180aa7cabb59e3253b3429a68dfd1154f4e211
- SHA512: 30aa6ea931e3acfab240c947e4a90ce49b8a982d0ad1669cef0d6a71343523e356e26e90c07da667075ba07bf8bdec669e51cbe92583653966b78200e7b9fe02
Static task: static1
Malware Config
Extracted
redline
mix15.10
185.215.113.15:57055
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2