General
Target: 0eddd5df2bb252f20106e3ef4d667c97373ab6a434ab69324220eb745ffd6e71
Size: 658KB
Sample: 211019-sdlrlagaf9
MD5: ed1b6c3228e5a96faf7900718ae8e1ca
SHA1: 450bb039fddaa34b3aab4248461d2a5086968183
SHA256: 0eddd5df2bb252f20106e3ef4d667c97373ab6a434ab69324220eb745ffd6e71
SHA512: 7aafb3778ec44ffe6a96828921faf5eb01c75f2bf7502cca67e5b7e7e64499a50597f44e9c49ec1a0855e1ea3f289a6160b91a52481ac8b4e1bc4ff74ff835ee
Static task: static1

Malware Config
Extracted: redline, 19.10, 185.215.113.17:9054
Targets
Target: 0eddd5df2bb252f20106e3ef4d667c97373ab6a434ab69324220eb745ffd6e71
Size: 658KB
MD5: ed1b6c3228e5a96faf7900718ae8e1ca
SHA1: 450bb039fddaa34b3aab4248461d2a5086968183
SHA256: 0eddd5df2bb252f20106e3ef4d667c97373ab6a434ab69324220eb745ffd6e71
SHA512: 7aafb3778ec44ffe6a96828921faf5eb01c75f2bf7502cca67e5b7e7e64499a50597f44e9c49ec1a0855e1ea3f289a6160b91a52481ac8b4e1bc4ff74ff835ee
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2