General
Target: e5973424d3b81b0b22bfc648f51f6b16f6c0d778e344ad9f4f9b1720eca84654
Size: 153KB
Sample: 220926-ptnpcaagf5
MD5: 04ae7ee383083cf2eebe1170650d1b93
SHA1: e3f14e07708d03fa84adf6ad4746ae82de580316
SHA256: e5973424d3b81b0b22bfc648f51f6b16f6c0d778e344ad9f4f9b1720eca84654
SHA512: f12eb2db2d383c0100e5434fb84be4239f1f2bb49f6bfed4ae22fbe223b934d002abb1336991443ecea66fa3be34316ad16426ef12ba62860d179ee07c992032
SSDEEP: 3072:dIIxTF5dkdSedPTsaEkul27th1QJTFnBOq1pPqE1+5B:p8lPThTV7yJTj1pX

Static task: static1
Behavioral task: behavioral1
Sample: e5973424d3b81b0b22bfc648f51f6b16f6c0d778e344ad9f4f9b1720eca84654.exe
Resource: win10-20220812-en

Malware Config
Extracted: redline
LogsDiller Cloud (TG: @mr_golds)
77.73.134.27:7161
auth_value: 4b2de03af6b6ac513ac597c2e6c1ad51

Extracted: redline
inslab26
185.182.194.25:8251
auth_value: 7c9cbd0e489a3c7fd31006406cb96f5b

Targets
Target: e5973424d3b81b0b22bfc648f51f6b16f6c0d778e344ad9f4f9b1720eca84654 (153KB; hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext