General
Target: 27ef780a85145b6058a66a6b7ce9c857556ff8bc1de94f7c4e7b08a27d3962d0
Size: 398KB
Sample: 210727-jnz64atj56
MD5: 1462a368b4bdb42e1944f60b0972f212
SHA1: 9f38c86397b5a90f608e35168102ce0b42d7a0f0
SHA256: 27ef780a85145b6058a66a6b7ce9c857556ff8bc1de94f7c4e7b08a27d3962d0
SHA512: 2b20d8db5042be791d36f062c724d75754ddd9b0819c2c301ed1039ad316bfad458e18f67f88e6cf65f69279406002131fe8184f0c1baf5dfa8fd45bcba1a3a6
Static task: static1
Behavioral task: behavioral1
Sample: 27ef780a85145b6058a66a6b7ce9c857556ff8bc1de94f7c4e7b08a27d3962d0.exe
Resource: win10v20210410
Malware Config
Extracted
redline
SewPalpadin
185.215.113.114:8887
Targets
Target: 27ef780a85145b6058a66a6b7ce9c857556ff8bc1de94f7c4e7b08a27d3962d0
Size: 398KB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.