General
Target: file.exe
Size: 1.1MB
Sample: 230227-tqs7waec4x
MD5: 0deb9ddb90ed50f5823dcf579fdc406a
SHA1: 92fb5d923bdcee4c0a531d5e2f8e4fe3d4610cbc
SHA256: 48ed2056ad5f419e1a9d7d2f5ad17b3623324ce06464d6bf4e05394e3be843fd
SHA512: 8d9a24ca62033a8b2701d14ac58e4681b488a43dd410ab1b89c90567bc305319294ba80b848380d8c3a40f9642e25c5bf18544d10bf6e08d735c6bb78420fe80
SSDEEP: 6144:wr4XDXiN9smJJzsOqxGLpt9LAair/ulc/uERsSq9+iz7l4sX:w8XD1OqG2/ulc/ussSq9+iCsX
Static task: static1
Behavioral task: behavioral1, sample file.exe, resource win7-20230220-en
Behavioral task: behavioral2, sample file.exe, resource win10v2004-20230220-en
Malware Config
Extracted family: redline
Botnet ID: LogsDiller Cloud (TG: @logsdillabot)
C2: 51.89.204.181:22299
auth_value: 3a050df92d0cf082b2cdaf87863616be
Targets
Target: file.exe (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. The extracted config (C2 endpoint, botnet ID and auth_value) is the part of this report most directly usable for detection and for clustering related samples.
Accesses cryptocurrency files/wallets, possible credential harvesting: consistent with RedLine's stealer behavior (browser credentials and cookies, cryptocurrency wallet files).
Suspicious use of SetThreadContext: typically seen when a loader maps a payload into a suspended child process and redirects its entry point (process hollowing). The API call alone is not proof of injection, so confirm it against the process tree and memory dumps from the behavioral tasks.
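As an added example (not part of the sandbox report, and not code from the analyst or the sandbox vendor), the script below takes the indicators from this report, the file hashes and the C2 endpoint, and sweeps them over constructed firewall and EDR log lines. The log lines, hostnames and field names (`src`, `dst`, `dport`, `host`, `sha256`) are assumptions made for the example; the hash and C2 values are copied from the report.

```python
"""IOC sweep for the RedLine sample described in the report.

Added example, not part of the sandbox report. Indicator values are copied
from the report; log lines and field names are constructed for this example.
"""
import hashlib
import re

# --- Indicators copied from the report ---
SAMPLE_HASHES = {
    "md5": "0deb9ddb90ed50f5823dcf579fdc406a",
    "sha1": "92fb5d923bdcee4c0a531d5e2f8e4fe3d4610cbc",
    "sha256": "48ed2056ad5f419e1a9d7d2f5ad17b3623324ce06464d6bf4e05394e3be843fd",
}
C2_IP = "51.89.204.181"
C2_PORT = 22299

# --- Constructed sample logs (assumed key=value export format, not from the report) ---
FIREWALL_LOG = """2023-02-27T14:02:11Z src=10.0.5.23 dst=51.89.204.181 dport=22299 proto=tcp action=allow
2023-02-27T14:02:12Z src=10.0.5.23 dst=142.250.74.78 dport=443 proto=tcp action=allow
2023-02-27T14:03:40Z src=10.0.5.40 dst=51.89.204.181 dport=443 proto=tcp action=allow
"""
EDR_LOG = r"""host=WS-23 event=file_create path=C:\Users\u\Downloads\file.exe sha256=48ed2056ad5f419e1a9d7d2f5ad17b3623324ce06464d6bf4e05394e3be843fd
host=WS-40 event=file_create path=C:\Users\v\setup.exe sha256=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_kv(line):
    """Parse a 'key=value key=value' log line into a dict (quotes stripped)."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def network_hits(log_text):
    """One finding per line whose destination is the report's C2 host.

    Exact IP:port is rated high. The same IP on another port is still
    reported, at medium, because the operator may serve several builds
    on different ports of the same host.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_kv(line)
        if rec.get("dst") != C2_IP:
            continue
        port_match = rec.get("dport") == str(C2_PORT)
        findings.append({
            "src": rec.get("src"),
            "dst": f'{rec["dst"]}:{rec.get("dport")}',
            "severity": "high" if port_match else "medium",
        })
    return findings


def hash_hits(log_text):
    """Hostnames whose file events carry any of the sample's digests."""
    hosts = []
    for line in log_text.splitlines():
        rec = parse_kv(line)
        for algo, digest in SAMPLE_HASHES.items():
            if rec.get(algo, "").lower() == digest:
                hosts.append(rec.get("host"))
                break
    return hosts


def hashes_of(data):
    """MD5/SHA1/SHA256 of a file's bytes, for comparison against the report."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def matches_sample(data):
    """Set of algorithms for which the bytes reproduce the report's digest (empty = no match)."""
    computed = hashes_of(data)
    return {algo for algo, digest in SAMPLE_HASHES.items() if computed[algo] == digest}


if __name__ == "__main__":
    for hit in network_hits(FIREWALL_LOG):
        print(f'[{hit["severity"]}] {hit["src"]} -> {hit["dst"]}')
    print("hosts with the sample on disk:", hash_hits(EDR_LOG))
    print("does b'x' match the sample?", matches_sample(b"x"))
```

Run it against real exports by replacing the two constructed log strings with file contents; the exact-port rule is the one to alert on, and the IP-only rule is a hunting lead rather than a confirmed hit. Hash matching is only useful for this exact build, since a repacked RedLine binary changes every digest while the C2 and auth_value often stay the same.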