General
-
Target
af435c0ca07035b7eafd546401ae102569472b10615425071e7df97f6863182d
-
Size
702KB
-
Sample
220126-qlqdmsdbaq
-
MD5
95f689f222c123edd2778236080090b2
-
SHA1
a69f2e9b7fe13cc9f14011e035a25e41d52d6b46
-
SHA256
af435c0ca07035b7eafd546401ae102569472b10615425071e7df97f6863182d
-
SHA512
d140b3d29f47740616008260d243d1bb51cd95ffe7abd10cfbcaa05dd3ecd3a2cc6b6ee1abb59ae46f1bff71d7b88828505797deecf16a15ad8058023fee7c01
Static task
static1
Malware Config
Extracted
redline
mix26.01
185.215.113.70:21508
Targets
-
-
Target
af435c0ca07035b7eafd546401ae102569472b10615425071e7df97f6863182d
-
Size
702KB
-
MD5
95f689f222c123edd2778236080090b2
-
SHA1
a69f2e9b7fe13cc9f14011e035a25e41d52d6b46
-
SHA256
af435c0ca07035b7eafd546401ae102569472b10615425071e7df97f6863182d
-
SHA512
d140b3d29f47740616008260d243d1bb51cd95ffe7abd10cfbcaa05dd3ecd3a2cc6b6ee1abb59ae46f1bff71d7b88828505797deecf16a15ad8058023fee7c01
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-