General

Target: d4124d9e74e8283e1cf476f79f803ccd.exe
Size: 303KB
Sample: 210725-fkdm6j8hcj
MD5: d4124d9e74e8283e1cf476f79f803ccd
SHA1: d5a781c6299abb88080de62c7d51c4f8afcef96f
SHA256: 9b00972991e19436c8af32f2c15fe2d2ff92ef4c4687bba4d229c6c5086d7be2
SHA512: b26263ad01c4a1ff39a6984834b6191dfae99ba4c502e5926b9ce6bfa6ac0f5a61d27e7c11864a19dee8d5c33184bb47b2c28ea230be50a76cde418e14c0f731
Static task: static1

Behavioral task: behavioral1
  Sample: d4124d9e74e8283e1cf476f79f803ccd.exe
  Resource: win7v20210408

Behavioral task: behavioral2
  Sample: d4124d9e74e8283e1cf476f79f803ccd.exe
  Resource: win10v20210410
Malware Config

Extracted
  Family: redline
  Botnet: SewPalpadin
  C2: 185.215.113.114:8887
Targets

Target: d4124d9e74e8283e1cf476f79f803ccd.exe
Size: 303KB
MD5: d4124d9e74e8283e1cf476f79f803ccd
SHA1: d5a781c6299abb88080de62c7d51c4f8afcef96f
SHA256: 9b00972991e19436c8af32f2c15fe2d2ff92ef4c4687bba4d229c6c5086d7be2
SHA512: b26263ad01c4a1ff39a6984834b6191dfae99ba4c502e5926b9ce6bfa6ac0f5a61d27e7c11864a19dee8d5c33184bb47b2c28ea230be50a76cde418e14c0f731
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.