General
Target: 05beb36fa58870f139e4d5e24b21fee2022a15f0e74da6ab6ddd006e405c86cf
Size: 664KB
Sample: 211125-dtaa6shea2
MD5: 1c96e8919c0be99500d00132ee98b73c
SHA1: 1cda29721705a4ed71c39e05df1ef94b580b51cb
SHA256: 05beb36fa58870f139e4d5e24b21fee2022a15f0e74da6ab6ddd006e405c86cf
SHA512: d5f5a5bdb35349ad08b6093689668b2003da2a9b91169ffe601293c88bb5018d506ad478bb1743447a1d25e71e0b8ee194e7061a25ef408ff3edaf0da4629916
Static task: static1
Malware Config
Extracted
redline
25.11
185.215.113.17:7700
Targets
Target: 05beb36fa58870f139e4d5e24b21fee2022a15f0e74da6ab6ddd006e405c86cf
Size: 664KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2