General

Target: b2114af6bb8149e6c3860e64aa47475e5c35726dcd8e28891caab5d04054f6d0
Size: 227KB
Sample: 220608-cdfbtahhb7
MD5: c342639290e42ce0860f250279c8025d
SHA1: c659a8d89ee09783177ea36cbb77a207a0ad018d
SHA256: b2114af6bb8149e6c3860e64aa47475e5c35726dcd8e28891caab5d04054f6d0
SHA512: 9519f0feaf37e49e514653c819511ef029dff57000157264cd44ee4daee73967e1b6b98cbb7e819033d3486c860e97ff5eb32447568a8ea21a5a08ef8e47f0d2
Static task: static1
Malware Config

Extracted
Family: redline
Botnet: Lyla2
C2: 185.215.113.201:21921
auth_value: f3b96059847b054b3939cadefd4424ee

Extracted
Family: redline
Botnet: PRIVATOS
C2: 185.215.113.75:81
auth_value: 5ea9b11f430f74fc81d40ef634ac1813

Extracted
Family: redline
Botnet: allsup
C2: 193.150.103.38:5473
auth_value: e46711734d1a10599f62ed229e676578
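The three C2 endpoints above are the most directly actionable indicators in this report. As an added example that is not part of the sandbox output, the Python below matches them against Zeek conn.log records and also reports the looser IP-only match, since the configs themselves show the same /24 serving two different ports and an exact ip:port match alone would miss a rebuild. The conn.log records are constructed for illustration, not traffic from this analysis; Zeek's default conn.log field order and a local Suricata SID range are assumed.

```python
"""Match Zeek conn.log records against the RedLine C2 endpoints extracted above.

Added example, not part of the sandbox report. The C2 endpoints are the ones
listed in the Malware Config section; the conn.log records below are constructed
for illustration and are not traffic observed in this analysis.
"""
from dataclasses import dataclass

# botnet name -> (ip, port), copied from the three extracted configs
REDLINE_C2 = {
    "Lyla2": ("185.215.113.201", 21921),
    "PRIVATOS": ("185.215.113.75", 81),
    "allsup": ("193.150.103.38", 5473),
}

# Constructed Zeek conn.log excerpt (default field order: ts uid id.orig_h id.orig_p
# id.resp_h id.resp_p proto service duration ...). Not real traffic.
SAMPLE_CONN_LOG = """#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration
1654653000.101\tCk1aBc\t10.0.0.15\t49811\t185.215.113.201\t21921\ttcp\t-\t2.1
1654653001.555\tCk1aBd\t10.0.0.15\t49812\t142.250.74.46\t443\ttcp\tssl\t0.9
1654653002.220\tCk1aBe\t10.0.0.22\t51002\t193.150.103.38\t5473\ttcp\t-\t5.0
1654653003.000\tCk1aBf\t10.0.0.22\t51003\t185.215.113.75\t8080\ttcp\t-\t0.3
""".splitlines()


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst: str
    dport: int
    botnet: str  # botnet name from the matching config, or "" for IP-only matches


def parse_conn_line(line):
    """Return (ts, orig_h, resp_h, resp_p, proto) for a data record, None for headers/comments."""
    if not line or line.startswith("#"):
        return None
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 7:
        return None
    return fields[0], fields[2], fields[4], int(fields[5]), fields[6]


def find_c2_hits(lines):
    """Exact matches: TCP connections whose responder ip:port is one of the configured C2s."""
    by_endpoint = {endpoint: name for name, endpoint in REDLINE_C2.items()}
    hits = []
    for line in lines:
        rec = parse_conn_line(line)
        if rec is None:
            continue
        ts, src, dst, dport, proto = rec
        if proto == "tcp" and (dst, dport) in by_endpoint:
            hits.append(Hit(ts, src, dst, dport, by_endpoint[(dst, dport)]))
    return hits


def find_c2_ip_only_hits(lines):
    """Looser matches: a configured C2 IP on a port that is not in the extracted configs.

    The configs already show the same /24 with different ports (185.215.113.201:21921
    and 185.215.113.75:81), so an ip:port match alone misses rebuilds; these are
    reported separately so an analyst can triage them rather than auto-block.
    """
    c2_ips = {ip for ip, _ in REDLINE_C2.values()}
    exact = set(REDLINE_C2.values())
    hits = []
    for line in lines:
        rec = parse_conn_line(line)
        if rec is None:
            continue
        ts, src, dst, dport, proto = rec
        if proto == "tcp" and dst in c2_ips and (dst, dport) not in exact:
            hits.append(Hit(ts, src, dst, dport, ""))
    return hits


def suricata_rules(sid_base=9000000):
    """One Suricata rule per configured C2 (sid_base is an assumed local SID range)."""
    rules = []
    for i, (name, (ip, port)) in enumerate(sorted(REDLINE_C2.items()), start=1):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"RedLine C2 {name}"; flow:to_server; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_CONN_LOG):
        print(f"C2 {hit.botnet}: {hit.src} -> {hit.dst}:{hit.dport} at {hit.ts}")
    for hit in find_c2_ip_only_hits(SAMPLE_CONN_LOG):
        print(f"review: C2 IP on unlisted port: {hit.src} -> {hit.dst}:{hit.dport}")
    print("\n".join(suricata_rules()))
```

Run it against a real conn.log by replacing SAMPLE_CONN_LOG with the file's lines; the IP-only hits are deliberately kept out of the exact-match list so that blocking rules stay tied to what the configs actually state.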
Targets

Target: b2114af6bb8149e6c3860e64aa47475e5c35726dcd8e28891caab5d04054f6d0
Size: 227KB
MD5: c342639290e42ce0860f250279c8025d
SHA1: c659a8d89ee09783177ea36cbb77a207a0ad018d
SHA256: b2114af6bb8149e6c3860e64aa47475e5c35726dcd8e28891caab5d04054f6d0
SHA512: 9519f0feaf37e49e514653c819511ef029dff57000157264cd44ee4daee73967e1b6b98cbb7e819033d3486c860e97ff5eb32447568a8ea21a5a08ef8e47f0d2
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Legitimate hosting services abused for malware hosting/C2
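The "Checks installed software on the system" signature is behavioural: the sample walks the registry's Uninstall keys, which is how the installed-software inventory in RedLine's host fingerprint is built. As an added example, not the sandbox's own signature code, the Python below implements that check over an API trace and separates a genuine inventory walk from a process that merely opens one product's own entry. The trace format (pid, API name and a handle-resolved key path, tab separated) is invented for this example, and the trace lines are constructed.

```python
"""Behavioural signature for "Checks installed software on the system".

Added example, not the sandbox's own signature code. It assumes an API trace in
the (invented) form "<pid>\\t<api>\\t<key path>", with registry handles already
resolved to full key paths. The trace lines below are constructed.
"""
import re

# The installed-software inventory lives under this subpath in the native HKLM view,
# the WOW64 view (Wow6432Node) and the per-user HKCU view. Group 1 captures the
# product subkey when the path goes one level below Uninstall.
UNINSTALL_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall"
    r"(?=\\|$)(?:\\([^\\]+))?",
    re.IGNORECASE,
)

REGISTRY_READ_APIS = {
    "RegOpenKeyExA", "RegOpenKeyExW",
    "RegEnumKeyExA", "RegEnumKeyExW",
    "RegQueryValueExA", "RegQueryValueExW",
}

# Constructed trace: pid 1234 walks the Uninstall tree the way an inventory
# routine does; pid 4321 only touches a Run key and one product's own entry.
SAMPLE_TRACE = [
    "1234\tRegOpenKeyExW\tHKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "1234\tRegEnumKeyExW\tHKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip",
    "1234\tRegEnumKeyExW\tHKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome",
    "1234\tRegQueryValueExW\tHKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayName",
    "1234\tRegOpenKeyExW\tHKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "4321\tRegOpenKeyExW\tHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "4321\tRegOpenKeyExW\tHKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++",
]


def parse_trace_line(line):
    """Return (pid, api, key_path) or None for a malformed line."""
    parts = line.rstrip("\n").split("\t", 2)
    if len(parts) != 3 or not parts[0].isdigit():
        return None
    return int(parts[0]), parts[1], parts[2]


def uninstall_key_accesses(lines):
    """Every registry read that touches an Uninstall key: (pid, api, key_path, subkey or None)."""
    out = []
    for line in lines:
        rec = parse_trace_line(line)
        if rec is None:
            continue
        pid, api, key = rec
        if api not in REGISTRY_READ_APIS:
            continue
        m = UNINSTALL_KEY_RE.search(key)
        if m:
            out.append((pid, api, key, m.group(1)))
    return out


def checks_installed_software(lines, min_enumerated=1):
    """Signature verdict: the set of pids that trip it.

    A process trips the signature when it opens an Uninstall key itself and then
    enumerates at least `min_enumerated` subkeys beneath it. Opening only one
    product's own entry (as an uninstaller or updater would) does not count.
    """
    opened, enumerated = set(), {}
    for pid, api, _key, subkey in uninstall_key_accesses(lines):
        if api.startswith("RegOpenKeyEx") and subkey is None:
            opened.add(pid)
        elif api.startswith("RegEnumKeyEx") and pid in opened and subkey is not None:
            enumerated[pid] = enumerated.get(pid, 0) + 1
    return {pid for pid, n in enumerated.items() if n >= min_enumerated}


def software_names_enumerated(lines):
    """Product subkeys walked during enumeration, in trace order (what the stealer learns)."""
    names = []
    for _pid, api, _key, subkey in uninstall_key_accesses(lines):
        if api.startswith("RegEnumKeyEx") and subkey and subkey not in names:
            names.append(subkey)
    return names


if __name__ == "__main__":
    print("flagged pids:", sorted(checks_installed_software(SAMPLE_TRACE)))
    print("enumerated:", software_names_enumerated(SAMPLE_TRACE))
```

The open-then-enumerate requirement is the part worth keeping when adapting this to a real trace: reads of the Uninstall tree are common in legitimate software, so the signature keys on the walk, not on any single access.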