General
Target: 84d9e912e24a27aa3b4f77f75c3817594f188bd3f0fc3edf9f4669e65b5755b3
Size: 407KB
Sample: 220521-rbbm6scgdq
MD5: 4c3394cc1e57b8d6ca1b3a087d05909f
SHA1: b15397cb1c3a556babf5e93032c78f346ddcbd5f
SHA256: 84d9e912e24a27aa3b4f77f75c3817594f188bd3f0fc3edf9f4669e65b5755b3
SHA512: 62d377c4c7cf9c7e264e0b5a98cae87fba5c7ddc3fb67f9478102883fb3d420dfe04062e6572a2f2e8ab48a0ab4606ccecd24243fa6eab875e16ad493699bf53
Malware Config (extracted)
Family: redline
Botnet: test1
C2: 185.215.113.75:80
auth_value: 7ab4a4e2eae9eb7ae10f64f68df53bb3
Targets
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting.
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Matrix
Collection: Data from Local System (2)
Credential Access: Credentials in Files (2)
Discovery: Query Registry (1)
No techniques mapped: Command and Control, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation