General
-
Target
482b64b04200b41a4f2d1e996665d7b9b02c2cc29644cb2d9c62178160ed4ac3
-
Size
543KB
-
Sample
211124-229m1adggn
-
MD5
c105cb833c1b9659d20dc59ce622de4b
-
SHA1
04bd170ea86e1e05e92f2eaf70e3cf51ed87df5e
-
SHA256
482b64b04200b41a4f2d1e996665d7b9b02c2cc29644cb2d9c62178160ed4ac3
-
SHA512
c35459f8b4c77c6dc882761cb41f81143bbb8e78465dab7086ad553f3266d6bdf1faf68c032a0d5c31b807518b61bd76a2443d9543c0c447ecab195a51d1c25f
Static task
static1
Malware Config
Extracted
redline
25.11
185.215.113.17:7700
Targets
-
-
Target
482b64b04200b41a4f2d1e996665d7b9b02c2cc29644cb2d9c62178160ed4ac3
-
Size
543KB
-
MD5
c105cb833c1b9659d20dc59ce622de4b
-
SHA1
04bd170ea86e1e05e92f2eaf70e3cf51ed87df5e
-
SHA256
482b64b04200b41a4f2d1e996665d7b9b02c2cc29644cb2d9c62178160ed4ac3
-
SHA512
c35459f8b4c77c6dc882761cb41f81143bbb8e78465dab7086ad553f3266d6bdf1faf68c032a0d5c31b807518b61bd76a2443d9543c0c447ecab195a51d1c25f
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-