General
Target: file.exe
Size: 330KB
Sample: 221206-s5bqpsec21
MD5: cceeb294bd5e7b01e40f94616ae20df4
SHA1: 6850d9bfbcc00b9cae98f197350905e3c2eca4e8
SHA256: 91fde83c85a83a2ce242a1ebb819fd0eddc7291562d3cc756d64b6fd0a386b94
SHA512: 121d63205c67b1bb7df41dc27169930a3f8acff7e16b1cdb39082e9d92c669348fc962b0b3d09e661c7e39f39c4a18a45db11918879f3e278d57d5774b0e4d10
SSDEEP: 6144:PZY9aCa+KPVlA86o/29e3ohFFhmbcv3I+Q6rG5L/V:e9FKh6ou9wobm4v3I+Qn
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
LogsDiller Cloud (TG: @logsdillabot)
135.125.27.235:22883
auth_value: 3a050df92d0cf082b2cdaf87863616be
Targets
Target: file.exe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext