General
- Target: c59f5ca5e2c1652bcaf2353294f9a6e8fc1b2bdf775d1dc207f18b298c841849
- Size: 663KB
- Sample: 211125-czf58shdd3
- MD5: 0321c4447d9bedc9fa4f329bd40ada57
- SHA1: 3b4eae5ec4f2274f4b24cc42611b0c8344740f8b
- SHA256: c59f5ca5e2c1652bcaf2353294f9a6e8fc1b2bdf775d1dc207f18b298c841849
- SHA512: 1f5a9efc5c127174fa857570a219b5703af270860f1e0fc066c89e0e1ec49fe7d1f4fb45b889b185d8cc7e38d646f972a21b84a36ac02c48f4802dd330362390

Static task
- static1

Malware Config
- Extracted: redline
- 25.11
- 185.215.113.17:7700
Targets
- Target: c59f5ca5e2c1652bcaf2353294f9a6e8fc1b2bdf775d1dc207f18b298c841849
- Size: 663KB
- MD5: 0321c4447d9bedc9fa4f329bd40ada57
- SHA1: 3b4eae5ec4f2274f4b24cc42611b0c8344740f8b
- SHA256: c59f5ca5e2c1652bcaf2353294f9a6e8fc1b2bdf775d1dc207f18b298c841849
- SHA512: 1f5a9efc5c127174fa857570a219b5703af270860f1e0fc066c89e0e1ec49fe7d1f4fb45b889b185d8cc7e38d646f972a21b84a36ac02c48f4802dd330362390
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2