General
-
Target
a1b67208ebf96100384609cd613707961d108807cebb811533584b1f4bc5fdfa
-
Size
658KB
-
Sample
211019-nnhqgafga4
-
MD5
0ff9ab78962ab00601460f90e018bc7c
-
SHA1
0b793e9d34b51217ff9fe6e0d33f0d21850bfa22
-
SHA256
a1b67208ebf96100384609cd613707961d108807cebb811533584b1f4bc5fdfa
-
SHA512
73d9c67604298eda727c0b6d9e6ad75babc71ea25c5d376a89091d397b0c62478659dec6b2ee4bd8bfe8a6d90a372e4ca8df75c5e017089ae1256f5e73b9558c
Static task
static1
Malware Config
Extracted
redline
19.10
185.215.113.17:9054
Targets
-
-
Target
a1b67208ebf96100384609cd613707961d108807cebb811533584b1f4bc5fdfa
-
Size
658KB
-
MD5
0ff9ab78962ab00601460f90e018bc7c
-
SHA1
0b793e9d34b51217ff9fe6e0d33f0d21850bfa22
-
SHA256
a1b67208ebf96100384609cd613707961d108807cebb811533584b1f4bc5fdfa
-
SHA512
73d9c67604298eda727c0b6d9e6ad75babc71ea25c5d376a89091d397b0c62478659dec6b2ee4bd8bfe8a6d90a372e4ca8df75c5e017089ae1256f5e73b9558c
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-