General
-
Target
d68ff2a97b93e0963d894762a400fb9feccba8f85927ca4f212f49b0197334b5
-
Size
663KB
-
Sample
211125-tz7fvsfgdj
-
MD5
2d989b36edf9695b6f0e10fc9b59b959
-
SHA1
d42debaac744da4e595741c57a3e5111b955b346
-
SHA256
d68ff2a97b93e0963d894762a400fb9feccba8f85927ca4f212f49b0197334b5
-
SHA512
499d9a4ea7a1daa82eeeeefc7e8d4a8fe2178abfcf7987141f4473611c28d0862424bacc157ce3b8ada79d7bc3aef82f4821cf26ee9ce6168b55943b8f0118ff
Static task
static1
Malware Config
Extracted
redline
25.11
185.215.113.17:7700
Targets
-
-
Target
d68ff2a97b93e0963d894762a400fb9feccba8f85927ca4f212f49b0197334b5
-
Size
663KB
-
MD5
2d989b36edf9695b6f0e10fc9b59b959
-
SHA1
d42debaac744da4e595741c57a3e5111b955b346
-
SHA256
d68ff2a97b93e0963d894762a400fb9feccba8f85927ca4f212f49b0197334b5
-
SHA512
499d9a4ea7a1daa82eeeeefc7e8d4a8fe2178abfcf7987141f4473611c28d0862424bacc157ce3b8ada79d7bc3aef82f4821cf26ee9ce6168b55943b8f0118ff
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-