General
- Target: f5feec0ae15d2d74d467d574580458737bebcfb3adae257c6e48e8bb666ed434
- Size: 664KB
- Sample: 211125-e6r77aheh2
- MD5: a96fad1abf32e652caae4c8d3a470d33
- SHA1: aa5ecbc74bc72e3cf6aa5aa8604e8cd869947039
- SHA256: f5feec0ae15d2d74d467d574580458737bebcfb3adae257c6e48e8bb666ed434
- SHA512: bd387bb6249f529f3940ab25423b07de54c4b345262d2907dad31965a5b4ccadf86b89df8d7f0cd9bf979dfb17eb9827af8ace81366acb227b888628c27b6412

Static task: static1

Malware Config
- Extracted: redline
- 25.11
- 185.215.113.17:7700
Targets
- Target: f5feec0ae15d2d74d467d574580458737bebcfb3adae257c6e48e8bb666ed434 (size and hashes identical to the General section above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2