General
- Target: 43ee514caefa1048d2fb9044116dc58ca9a6a1ba89ffacdf3cf5fc9d7d82f1ca
- Size: 281KB
- Sample: 220922-g5stfaeabk
- MD5: e8ad5392fbaa817bf854a9efbf8c86e5
- SHA1: 62b1166c26cc4ecfc99545d2d34a5a044b470d4a
- SHA256: 43ee514caefa1048d2fb9044116dc58ca9a6a1ba89ffacdf3cf5fc9d7d82f1ca
- SHA512: accbe7c63594991ca730fe826e4f9dc405924298f71505adbec9fdc7336bb7874ab65de11008a40f830269dd068a861d28770423fb2a4544da9e4806439d5341
- SSDEEP: 6144:DxQuznANBstFrG/wrxFlWHM+XJITr0zIwIMigavwVfSp:DxQuceFrG/2xkWUzIwMr
Static task: static1
Behavioral task: behavioral1
Sample: 43ee514caefa1048d2fb9044116dc58ca9a6a1ba89ffacdf3cf5fc9d7d82f1ca.exe
Resource: win10-20220812-en
Malware Config
Extracted: redline
- LogsDiller Cloud (Sup: @mr_golds)
- 77.73.134.27:8163
- auth_value: 56c6f7b9024c076f0a96931453da7e56
Targets
- Target: 43ee514caefa1048d2fb9044116dc58ca9a6a1ba89ffacdf3cf5fc9d7d82f1ca
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext