General
Target: a1d25c450b3f6a1fe34e6b9774d2985bc95810a738f6f67ec64acbca490cd572
Size: 397KB
Sample: 210727-yqq9jb2ms6
MD5: 25a38f301adcab74f0e148b47c62d783
SHA1: 7bd2ec52432fd4ca6aea64a8f97dd2841a5aefa8
SHA256: a1d25c450b3f6a1fe34e6b9774d2985bc95810a738f6f67ec64acbca490cd572
SHA512: d5c0952f04a596c6165b4eff2fd8048180ce7e60477684da690cf5add96ac6c101938cb70856d977e6498daad24cec41300c41fce2c8912fa619926510ab5759
Static task: static1
Behavioral task: behavioral1
Sample: a1d25c450b3f6a1fe34e6b9774d2985bc95810a738f6f67ec64acbca490cd572.exe
Resource: win10v20210410
Malware Config
Extracted
redline
SewPalpadin
185.215.113.114:8887
Targets
Target: a1d25c450b3f6a1fe34e6b9774d2985bc95810a738f6f67ec64acbca490cd572
Size: 397KB
MD5: 25a38f301adcab74f0e148b47c62d783
SHA1: 7bd2ec52432fd4ca6aea64a8f97dd2841a5aefa8
SHA256: a1d25c450b3f6a1fe34e6b9774d2985bc95810a738f6f67ec64acbca490cd572
SHA512: d5c0952f04a596c6165b4eff2fd8048180ce7e60477684da690cf5add96ac6c101938cb70856d977e6498daad24cec41300c41fce2c8912fa619926510ab5759
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.