General
Target: 503b39d674a2e565acc4b553cbf9aa06e53009c2ddff38c3a1a984cdd2082f13
Size: 394KB
Sample: 210725-nvb7vqqcfx
MD5: 9d922e312ad56cc9a0acd1a6281041e6
SHA1: ab835ecc3cd1b0e9abcd5157c22625db18cc9bb5
SHA256: 503b39d674a2e565acc4b553cbf9aa06e53009c2ddff38c3a1a984cdd2082f13
SHA512: 22ec5f77de9fa73f79062a542c5c667fee3860463dd6b39485c5b434ed25a4736de04fff0d0ba7970dd8e8fe90bf2b252a75fea2c285c40798805ce2c107b9a0
Static task: static1
Behavioral task: behavioral1
Sample: 503b39d674a2e565acc4b553cbf9aa06e53009c2ddff38c3a1a984cdd2082f13.exe
Resource: win10v20210410
Malware Config
Extracted family: redline
Botnet: SewPalpadin
C2: 185.215.113.114:8887
Targets
Target: 503b39d674a2e565acc4b553cbf9aa06e53009c2ddff38c3a1a984cdd2082f13
Size: 394KB
MD5: 9d922e312ad56cc9a0acd1a6281041e6
SHA1: ab835ecc3cd1b0e9abcd5157c22625db18cc9bb5
SHA256: 503b39d674a2e565acc4b553cbf9aa06e53009c2ddff38c3a1a984cdd2082f13
SHA512: 22ec5f77de9fa73f79062a542c5c667fee3860463dd6b39485c5b434ed25a4736de04fff0d0ba7970dd8e8fe90bf2b252a75fea2c285c40798805ce2c107b9a0
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.