General
-
Target
7e64c1746346909172aca970393683441bb00a17c67dedc1fbe1b20cf13060b5
-
Size
658KB
-
Sample
211019-n71emagfer
-
MD5
f6506793af600b3a81f6ffb234455491
-
SHA1
8aea8a3eb94ac6595b2d21f22e395bf5a51aeaa2
-
SHA256
7e64c1746346909172aca970393683441bb00a17c67dedc1fbe1b20cf13060b5
-
SHA512
6313393cd6ca3ab2e1a950c3c77a69ac1b7d05e1666596121322e5a0d97dc0d6ff7a34b311fb98b6f2927879edb810a3550fd99916cad9ab3304d5ced54fec56
Static task
static1
Malware Config
Extracted
redline
mix19.10
185.215.113.15:57055
Targets
-
-
Target
7e64c1746346909172aca970393683441bb00a17c67dedc1fbe1b20cf13060b5
-
Size
658KB
-
MD5
f6506793af600b3a81f6ffb234455491
-
SHA1
8aea8a3eb94ac6595b2d21f22e395bf5a51aeaa2
-
SHA256
7e64c1746346909172aca970393683441bb00a17c67dedc1fbe1b20cf13060b5
-
SHA512
6313393cd6ca3ab2e1a950c3c77a69ac1b7d05e1666596121322e5a0d97dc0d6ff7a34b311fb98b6f2927879edb810a3550fd99916cad9ab3304d5ced54fec56
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-