General
Target: 33dde2f65a11d90d773715672e431b91cd565a49a985d69a4990f0c511d70068
Size: 720KB
Sample: 220128-3bpqksgdb2
MD5: c1db914a441a7fcf182cfcfb67dc8008
SHA1: 730ba0b38665a588f1ec6656a0c317d204ef25ab
SHA256: 33dde2f65a11d90d773715672e431b91cd565a49a985d69a4990f0c511d70068
SHA512: b9ecfeaac263470d8235d11ea968e7258a80b277308d3d69c4a4ecc4940c6f5f7ff3d985263dea9b8a9e1e9c0e2ccc185d5734e5d05bf686d659d4c272480a8d
Static task: static1

Malware Config (extracted)
Family: redline
Botnet ID: mix29.01
C2: 185.215.113.70:21508
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2