General
Target: 14271daa9969f8377470903586a0274c1e2707750a477b00116eab369c16491a
Size: 702KB
Sample: 220126-f699fahbbr
MD5: 9dd8d89aeadccac0815c84df392e2a21
SHA1: 445ca1ee4d16b473f5c5e0fd45b5628cf7e73086
SHA256: 14271daa9969f8377470903586a0274c1e2707750a477b00116eab369c16491a
SHA512: 3b228e6c7edcd9433a447cc0a8322d598f2bd7506608d53c0e103d53a3d8be3def28430abc7a3634644c81e0e9a9c2f997775bdd3e556410b7b0eee2f0043f36
Static task: static1

Malware Config
Extracted: redline
mix26.01
185.215.113.70:21508
Targets
Target: 14271daa9969f8377470903586a0274c1e2707750a477b00116eab369c16491a
Size: 702KB
MD5: 9dd8d89aeadccac0815c84df392e2a21
SHA1: 445ca1ee4d16b473f5c5e0fd45b5628cf7e73086
SHA256: 14271daa9969f8377470903586a0274c1e2707750a477b00116eab369c16491a
SHA512: 3b228e6c7edcd9433a447cc0a8322d598f2bd7506608d53c0e103d53a3d8be3def28430abc7a3634644c81e0e9a9c2f997775bdd3e556410b7b0eee2f0043f36
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2