General
- Target: dbd6e56c79a80b8fc425ad7457a1c851ef91bd9fb4b1baedded0bcc8203f104a
- Size: 664KB
- Sample: 211125-pzj84sfcar
- MD5: 974bed73c4ae07dc4fc5faefd155859f
- SHA1: c6d85265d0c80254085432ccf240493cb77218b4
- SHA256: dbd6e56c79a80b8fc425ad7457a1c851ef91bd9fb4b1baedded0bcc8203f104a
- SHA512: 2032111d89b3f2c661bd69ad7570f0f85c559559cd79cb2a9ddacd2396368a4d6054ee4acf51a4ca1b91e856fc7b2c138f7ceac1fd385f7bfa752152d7f9325f
Static task: static1
Malware Config (extracted): redline, 25.11, 185.215.113.17:7700
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2