General
- Target: 1e78bf0fab620f40f55599dbd2935cc7d94864496616b33c87b395ec1619a385
- Size: 658KB
- Sample: 211019-rm9dksgab2
- MD5: d16e3722ad74aa62f2a0f841dac42b7c
- SHA1: 204931fb36d48dea459e93648d8c318276aeb008
- SHA256: 1e78bf0fab620f40f55599dbd2935cc7d94864496616b33c87b395ec1619a385
- SHA512: f918c8daad3a0153a404832c98f4c46a290667e29cc188788eb25073845302909a4e3fdee9f7186e6a817510e5b543209f2c6e25c32123b35208e0ef6737b8d9
Static task: static1

Malware Config
Extracted:
- redline
- 19.10
- 185.215.113.17:9054
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2