General
Target: e61fa06b6c1ec48ad2ca02011061b6f20f519a9c062d2e97a976ef6297dd03fe
Size: 702KB
Sample: 220126-mj94gsbggk
MD5: e3ba2f73de2cca020d49e67101afc327
SHA1: d089ca2b022a943c067651a57b4b7ba08f869ca1
SHA256: e61fa06b6c1ec48ad2ca02011061b6f20f519a9c062d2e97a976ef6297dd03fe
SHA512: 013d0c646155b66e91e9633b962288eb5d920c7bd7d2d03c47fda4885600d2547005c76481cb92acbc1320dac05fb5d2c9cc8be37b172a1e0e8c3cef099f19a7
Static task: static1
Malware Config
Extracted
redline
mix26.01
185.215.113.70:21508
Targets
Target: e61fa06b6c1ec48ad2ca02011061b6f20f519a9c062d2e97a976ef6297dd03fe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Downloads MZ/PE file
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2