General

Target: b949938d97603fea9712d775f2685897.exe
Size: 310KB
Sample: 210725-hwjqkrl7xa
MD5: b949938d97603fea9712d775f2685897
SHA1: 1e31498a2045a82bb176ed85a0f3102aabbc2076
SHA256: cbf2b2eb00bc4a26013a386c1b00264b62c14de3c7ab42fda6565c460ad65c86
SHA512: 2726cd3bf9618355cf893da0994daabec64cb001dfa8a17deea6549042338a97cf16deb7ab84c1f16c233154bb079e95486a320c56d195ea98ee807f90af7aba
Static task: static1
Behavioral task: behavioral1 (sample b949938d97603fea9712d775f2685897.exe, resource win7v20210410)
Behavioral task: behavioral2 (sample b949938d97603fea9712d775f2685897.exe, resource win10v20210408)
Malware Config

Extracted: redline
SewPalpadin
185.215.113.114:8887
Targets

Target: b949938d97603fea9712d775f2685897.exe (310KB; hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.