General
Target: 1c6ca85c39a3068ebe2280f9c937f1bf4ee1b86b83f6e9e488596e06bbe5baa3
Size: 658KB
Sample: 211019-n6lj3sgfeq
MD5: 410b7b91a310b9ffb1d429786deb2510
SHA1: d2e4d33fe9e6871781efe7c8e975da55f3c8d75b
SHA256: 1c6ca85c39a3068ebe2280f9c937f1bf4ee1b86b83f6e9e488596e06bbe5baa3
SHA512: 24af0bd26e4338570709fb1365dfe98df06a4c0e4e0620b800853d12253ea96905d12c4694fff1c147ab4cad6e78a45b1d55e284dc2ae36d8ec19eb3a645c217
Static task: static1
Malware Config (Extracted)
redline
19.10
185.215.113.17:9054
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Downloads MZ/PE file
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2