General

Target: 3c35710f9d441de55ed6c2629eae358f97270fd9fab1d7620a8259dcbc301366
Size: 544KB
Sample: 211124-1wslvshaa9
MD5: 86bca60f0b486e9deccf3fd959ea3586
SHA1: 1de8889060b83add853865616cab77de558dafcf
SHA256: 3c35710f9d441de55ed6c2629eae358f97270fd9fab1d7620a8259dcbc301366
SHA512: 10ad3db3b959aec6fc03a7dc384bffe0b5ab5390cea86c22b91269db7fc04e0cac662f444055afe82008e5515c2d0be12c3b61c36b7167f61c5e02cc7543c56d

Static task: static1

Malware Config (extracted)

Family: redline
Botnet: 25.11
C2: 185.215.113.17:7700

Targets

Target: 3c35710f9d441de55ed6c2629eae358f97270fd9fab1d7620a8259dcbc301366 (544KB; same file and hashes as listed under General)

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Downloads MZ/PE file

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Legitimate hosting services abused for malware hosting/C2