General
-
Target
file.exe
-
Size
1.3MB
-
Sample
230225-p872jadc74
-
MD5
9c517ef5a9a99285db8595eba148e6f4
-
SHA1
7ad74dfe2181019f5954af8e36c78d7edd287b31
-
SHA256
549955d44dccd997f7b3a5d941bf0a3b365e42aba32ffe7a8d89e94cd475137d
-
SHA512
2625da84dd981db546b7363b1d72ea708f907de4c94ff07d132594ac235e81ec6fa4aee72c571c5fb335cf7c21c4c432f2c175babfac8723a0a9d693a4957200
-
SSDEEP
12288:367MlzTvUuXkFho5+t1BSIdreBaHcDDG45H3jAsgwWiGuIu:GgzTUmKUWV
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
51.89.204.181:22299
-
auth_value
3a050df92d0cf082b2cdaf87863616be
Targets
-
-
Target
file.exe
-
Size
1.3MB
-
MD5
9c517ef5a9a99285db8595eba148e6f4
-
SHA1
7ad74dfe2181019f5954af8e36c78d7edd287b31
-
SHA256
549955d44dccd997f7b3a5d941bf0a3b365e42aba32ffe7a8d89e94cd475137d
-
SHA512
2625da84dd981db546b7363b1d72ea708f907de4c94ff07d132594ac235e81ec6fa4aee72c571c5fb335cf7c21c4c432f2c175babfac8723a0a9d693a4957200
-
SSDEEP
12288:367MlzTvUuXkFho5+t1BSIdreBaHcDDG45H3jAsgwWiGuIu:GgzTUmKUWV
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-