General
Target: a17aa04989540fe3b64fbdc853143d35671ed57446a51b307a80c9996238ea83
Size: 632KB
Sample: 211021-xzebvsbfak
MD5: d29813a2b2564f30acf58849f526fde0
SHA1: 3c05bcd02cb3ef6c7d191abdb44da72f76abcb18
SHA256: a17aa04989540fe3b64fbdc853143d35671ed57446a51b307a80c9996238ea83
SHA512: ef1fe1b41d06ae1d8c03df6b95af1ef6a2f1926d3aaecb7f73bddb99ce4284bffe41b08a070f95b712e56bbc4a7790995964d5dd686f6e794eb2a44940e9ce1d
Static task: static1
Malware Config
Extracted
redline
22.10
185.215.113.17:7700
Targets
Target: a17aa04989540fe3b64fbdc853143d35671ed57446a51b307a80c9996238ea83
Size: 632KB
MD5: d29813a2b2564f30acf58849f526fde0
SHA1: 3c05bcd02cb3ef6c7d191abdb44da72f76abcb18
SHA256: a17aa04989540fe3b64fbdc853143d35671ed57446a51b307a80c9996238ea83
SHA512: ef1fe1b41d06ae1d8c03df6b95af1ef6a2f1926d3aaecb7f73bddb99ce4284bffe41b08a070f95b712e56bbc4a7790995964d5dd686f6e794eb2a44940e9ce1d
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2