General
Target: 27a8a92f7b2d4ec7977165d5b6aac135.exe
Size: 1.5MB
Sample: 240706-pjba9s1bng
MD5: 27a8a92f7b2d4ec7977165d5b6aac135
SHA1: 0ca94d3c5e5fcb6ee0952ec2a9c2e98f5a27c700
SHA256: ba8b5e47d1d20028cd7ddb4ea828ebc9e8b7d4c67b332544b8cd253ad606e3c4
SHA512: da6ef0bd87e597efaa7791d25958039b0bb910532555c8d9c8d542fa38ffc302fbd156f06c0d72db9af647272d77032a65458dc804a220175d1d60a518e27a6f
SSDEEP: 12288:akprWrfjIMvv+XHw2dOb25Z2TVPFGhWI/CIbYOE/IBikjUGuR:ErAXHw9trGs8CnOliAUh
Static task: static1
Behavioral task: behavioral1
  Sample: 27a8a92f7b2d4ec7977165d5b6aac135.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 27a8a92f7b2d4ec7977165d5b6aac135.exe
  Resource: win10v2004-20240704-en
Malware Config
Extracted: redline
VIP
173.195.100.68:1912
Targets
Target: 27a8a92f7b2d4ec7977165d5b6aac135.exe
Size: 1.5MB
MD5: 27a8a92f7b2d4ec7977165d5b6aac135
SHA1: 0ca94d3c5e5fcb6ee0952ec2a9c2e98f5a27c700
SHA256: ba8b5e47d1d20028cd7ddb4ea828ebc9e8b7d4c67b332544b8cd253ad606e3c4
SHA512: da6ef0bd87e597efaa7791d25958039b0bb910532555c8d9c8d542fa38ffc302fbd156f06c0d72db9af647272d77032a65458dc804a220175d1d60a518e27a6f
SSDEEP: 12288:akprWrfjIMvv+XHw2dOb25Z2TVPFGhWI/CIbYOE/IBikjUGuR:ErAXHw9trGs8CnOliAUh

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext