General
Target: 143b6f12b70b950423be6d2f5b44e3f51362e3e5d9b016b84bab2f784e1f70e1
Size: 663KB
Sample: 211125-a4cbqsdhhm
MD5: a399ffa8c642354c9af3232ed22a4f53
SHA1: 2e7e6142340f77aa52e0a079b0da13ba7d87a2b4
SHA256: 143b6f12b70b950423be6d2f5b44e3f51362e3e5d9b016b84bab2f784e1f70e1
SHA512: c31ce12f9055d0269a0cd4fd89087cb33c704da0e7fc444ac1f84ed16b36c7342a3fe2a27c2cdaffa0a177acdfc2de1796bd838a01d1c0df3b4cf51378096759
Static task
static1

Malware Config
Extracted
Family: redline
Botnet: 25.11
C2: 185.215.113.17:7700
Targets
Target: 143b6f12b70b950423be6d2f5b44e3f51362e3e5d9b016b84bab2f784e1f70e1 (663KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. It is sold as a malware-as-a-service kit and harvests saved browser credentials and cookies, cryptocurrency wallet files and system information, which it reports to the C2 address carried in its embedded configuration (here 185.215.113.17:7700, as extracted above).
- RedLine Payload
  The RedLine payload itself was identified, which is what allowed the family, botnet and C2 values above to be extracted from its configuration.
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  This Emerging Threats rule fires on an HTTP request for an executable whose URI is a short, purely alphanumeric file name, a pattern typical of malware download stages rather than of legitimate software updates.
- Downloads MZ/PE file
  A Windows executable (MZ header) was fetched over the network during the run.
- Executes dropped EXE
  The sample wrote an executable to disk and launched it, so the code that runs is not necessarily the file that was submitted; hash the dropped file separately when building indicators.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  Wallet data files under the user profile were read, consistent with RedLine's wallet-theft capability.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node view) to enumerate software on the system. Installers and inventory agents read this key as well, so treat it as supporting evidence rather than a standalone detection.
- Legitimate hosting services abused for malware hosting/C2
  Part of the infrastructure contacted belongs to a legitimate hosting provider. Block on the specific indicators (the C2 185.215.113.17:7700 and the download URL) rather than on the provider's address ranges, which would cause collateral blocking.
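The signatures above describe behaviours as well as static indicators, and they are most useful when correlated per process: a lone Uninstall-key read is normal, but the same process also reading wallet files and connecting to 185.215.113.17:7700 is not. The following Python is an added example, not Triage's or RedLine's code, that matches constructed telemetry lines against this report's indicators and behaviours. The event format, the wallet directory list and the terse-URI regex are assumptions made for the example; the regex only approximates the ET Suricata rule, and the wallet names are an illustrative subset.

```python
"""Match endpoint/network telemetry against the RedLine indicators and
behaviours listed in this report.  Added example, not Triage or RedLine code.
The event lines are constructed; the event format, wallet path list and
terse-URI regex are assumptions made for the example."""
import re
from collections import defaultdict

# Indicators taken directly from the report.
C2 = ("185.215.113.17", 7700)
SAMPLE_SHA256 = "143b6f12b70b950423be6d2f5b44e3f51362e3e5d9b016b84bab2f784e1f70e1"

# "Checks installed software": the Uninstall key (native and WOW6432Node views).
UNINSTALL_KEY = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)",
    re.I)
# "Accesses cryptocurrency files/wallets": assumed, partial list of wallet dirs.
WALLET_PATH = re.compile(
    r"\\(?:Exodus|Electrum|Ethereum|Armory|Atomic|Guarda|Coinomi|Jaxx)\\|\\wallet\.dat$",
    re.I)
# Approximation of the ET "Terse alphanumeric executable downloader" rule:
# a GET for a short, purely alphanumeric .exe name at the URI root.
TERSE_EXE_URI = re.compile(r"^/[A-Za-z0-9]{1,8}\.exe$")

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """'<type> k=v k="quoted v" ...' -> dict with 'type' plus the fields."""
    etype, _, rest = line.partition(" ")
    ev = {"type": etype}
    for key, val in KV.findall(rest):
        ev[key] = val.strip('"')
    return ev


def classify(ev):
    """Names of the report signatures this single event matches."""
    hits = []
    t = ev["type"]
    if t == "net" and (ev.get("dst"), int(ev.get("dport", 0))) == C2:
        hits.append("redline_c2")
    if t == "http" and ev.get("method") == "GET" and TERSE_EXE_URI.match(ev.get("uri", "")):
        hits.append("terse_exe_download")
    if t == "proc" and ev.get("sha256", "").lower() == SAMPLE_SHA256:
        hits.append("known_sample_executed")
    if t == "reg" and UNINSTALL_KEY.search(ev.get("key", "")):
        hits.append("uninstall_key_enum")
    if t == "file" and WALLET_PATH.search(ev.get("path", "")):
        hits.append("wallet_access")
    return hits


def correlate(lines):
    """pid -> sorted list of distinct signatures seen for that process."""
    per_pid = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        for hit in classify(ev):
            per_pid[ev.get("pid", "?")].add(hit)
    return {pid: sorted(hits) for pid, hits in per_pid.items()}


def triage(lines):
    """Processes with two or more distinct signatures.  A lone Uninstall-key
    read is what installers and inventory agents do; it is not enough alone."""
    return {pid: hits for pid, hits in correlate(lines).items() if len(hits) >= 2}


# Constructed telemetry, not output of the sandbox run.
SAMPLE_EVENTS = [
    'http pid=2204 image="C:\\Users\\v\\Downloads\\invoice.exe" method=GET host=cdn.example.test uri=/m9x2.exe',
    'proc pid=4120 parent=2204 image="C:\\Users\\v\\AppData\\Local\\Temp\\m9x2.exe" sha256=' + SAMPLE_SHA256,
    'reg pid=4120 op=query key="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"',
    'file pid=4120 op=read path="C:\\Users\\v\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"',
    'net pid=4120 proto=tcp dst=185.215.113.17 dport=7700',
    'reg pid=5000 op=query key="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Git_is1"',
    'file pid=5000 op=read path="C:\\Users\\v\\Documents\\notes.txt"',
]

if __name__ == "__main__":
    for pid, hits in triage(SAMPLE_EVENTS).items():
        print(pid, ", ".join(hits))
```

Running the script prints only pid 4120, which accumulates the known-sample hash, the Uninstall-key enumeration, the wallet read and the C2 connection; pid 5000 reads the Uninstall key alone and stays quiet. Matching the C2 on the IP:port tuple rather than the bare IP keeps the signal usable when the address sits on a shared hosting provider, which is what the last signature warns about, and the hash check only catches this exact file: the EXE that actually runs is dropped at run time and may not share the submitted sample's hash.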