General
- Target: 02d34a9f52c99614c2c3232ff92ce33d5a5a32a0bfb84482e074fba1ff08d328
- Size: 544KB
- Sample: 211124-y1p1esggh5
- MD5: 88549a9fdc834d7222b315f3485c4949
- SHA1: 11550556e59321b2d7f5b20fe01997c6252873d6
- SHA256: 02d34a9f52c99614c2c3232ff92ce33d5a5a32a0bfb84482e074fba1ff08d328
- SHA512: e8558da4d81a6040d9213301a099cd66f491ea898ef7a65b44755d4f8881b4ce33a5013a734cadff0eac1ee75be2e39d8da7bc6de08cb0ca5f30cde3ea7c116f

Static task: static1

Malware Config
Extracted:
- Family: redline
- Version: 25.11
- C2: 185.215.113.17:7700
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2