General
Target: 19a3ab9cc08eea70d17a797f50d80389b4b26d3f8bd950cd80a9091d0c53e2dd
Size: 658KB
Sample: 211019-splkzagah8
MD5: d61864da43bb9aebef52975ec0111647
SHA1: 65b09628dc0e9b317ef2ef2a89aaddeff7d80b0a
SHA256: 19a3ab9cc08eea70d17a797f50d80389b4b26d3f8bd950cd80a9091d0c53e2dd
SHA512: 07b8acbc940ccf1f8d9ccdd55d8516ef7ea08f1250b05956bd398da4bec40bfc688c4f224f45440abed6edf035bc5346df040fcd46f1cf6c5fe03190fee716e3

Static task: static1

Malware Config
Extracted
Family: redline
Botnet: 19.10
C2: 185.215.113.17:9054
Targets
Target: 19a3ab9cc08eea70d17a797f50d80389b4b26d3f8bd950cd80a9091d0c53e2dd (658KB; MD5, SHA1 and SHA512 as listed under General)
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart, where Windows records installed programs) to enumerate software on the system. Reads of this key are routine for installers and inventory agents, so on its own this behaviour is weak evidence; it matters here in combination with the other signatures.
- Legitimate hosting services abused for malware hosting/C2
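The report gives two things a defender can act on directly: the extracted C2 (185.215.113.17:9054) and the "checks installed software" behaviour via the registry Uninstall key. The script below is an added example, not part of the sandbox report or of any vendor tooling: it turns the extracted C2 into a Suricata rule and runs the report's behaviours over a handful of constructed host-telemetry events (field names are an assumption, loosely modelled on Sysmon process-create, network-connect and registry events) and only flags a process that both enumerated installed software and connected to the C2, since the Uninstall-key read alone is normal activity.

```python
"""Match the indicators and behaviours from this report against telemetry.

Added example, not part of the sandbox report. The events below are
constructed to resemble Sysmon records (process create, network connect,
registry query) exported as flat dicts; the field names are an assumption,
not any vendor's schema.
"""
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

# Indicators copied from the report (extracted RedLine config and SHA256).
REDLINE_C2 = "185.215.113.17:9054"
SAMPLE_SHA256 = "19a3ab9cc08eea70d17a797f50d80389b4b26d3f8bd950cd80a9091d0c53e2dd"

# Registry path walked to enumerate installed software ("Checks installed
# software" signature). The native and WOW6432Node views both end with this
# fragment, so one lower-cased substring match covers both.
UNINSTALL_FRAGMENT = r"\microsoft\windows\currentversion\uninstall"


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split host:port and insist the host is an IP literal (as in this config)."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)          # raises ValueError if not an IP literal
    return host, int(port)


def suricata_rule(c2: str, sid: int) -> str:
    """Emit a Suricata rule for outbound traffic to the extracted C2."""
    host, port = parse_c2(c2)
    return (
        f"alert tcp $HOME_NET any -> {host} {port} "
        f'(msg:"RedLine Stealer C2 from sandbox config"; flow:to_server; '
        f"sid:{sid}; rev:1;)"
    )


def classify(event: Dict) -> Optional[str]:
    """Map one telemetry event to a behaviour tag from the report, or None."""
    kind = event["event"]
    if kind == "process_create":
        if event.get("sha256", "").lower() == SAMPLE_SHA256:
            return "known_sample"
    elif kind == "network_connect":
        if (event["dst_ip"], event["dst_port"]) == parse_c2(REDLINE_C2):
            return "c2_connection"
    elif kind == "registry_query":
        if UNINSTALL_FRAGMENT in event["key"].lower():
            return "software_enum"
    return None


def correlate(events: List[Dict]) -> Dict[int, Set[str]]:
    """Group behaviour tags by PID so single events are judged in context."""
    tags: Dict[int, Set[str]] = {}
    for ev in events:
        tag = classify(ev)
        if tag:
            tags.setdefault(ev["pid"], set()).add(tag)
    return tags


def suspicious_pids(events: List[Dict]) -> List[int]:
    """PIDs that both enumerated installed software and reached the C2.

    Uninstall-key reads alone are normal (installers, inventory agents);
    the combination with a connection to the extracted C2 is not.
    """
    return sorted(
        pid for pid, tags in correlate(events).items()
        if {"software_enum", "c2_connection"} <= tags
    )


# Constructed sample telemetry (not taken from the report's sandbox run).
EVENTS = [
    {"event": "process_create", "pid": 4120,
     "image": r"C:\Users\u\Downloads\setup.exe", "sha256": SAMPLE_SHA256},
    {"event": "registry_query", "pid": 4120,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"event": "registry_query", "pid": 4120,
     "key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"event": "network_connect", "pid": 4120,
     "dst_ip": "185.215.113.17", "dst_port": 9054},
    # Benign: an inventory agent reads the same key but never touches the C2.
    {"event": "registry_query", "pid": 880,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"event": "network_connect", "pid": 880, "dst_ip": "10.0.0.5", "dst_port": 443},
]

if __name__ == "__main__":
    print(suricata_rule(REDLINE_C2, sid=9000001))
    for pid, tags in sorted(correlate(EVENTS).items()):
        print(pid, sorted(tags))
    print("suspicious:", suspicious_pids(EVENTS))
```

The network match is deliberately exact on IP and port because that is all the config states; if the same host is seen serving other ports in your own telemetry, widen the Suricata rule to `any` port rather than guessing here. Pick a `sid` from your local range when deploying the rule.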