General
Target: file.exe
Size: 1.5MB
Sample: 230228-t4s42abh2w
MD5: da4360b12f0f88c9b17d67c96505e4c5
SHA1: 1cd70d78a30236f05e0cef16da51df1ad7f77d1a
SHA256: 5bade268b67fbd24241fbc7759697cf2515dc54f4812ffc753e12a3db23945ae
SHA512: 3ad660ac538fb67ef32b8e4bcda5c1983aca9fada3b12357afdd53a0daba38d8def7677f65a91f057834997526ce05295c514e2ae160c5a5895fb3b82ff13e48
SSDEEP: 6144:dsGMTIQl2t9xKQzAAOf6yqTmwMCWE3rlPl:dfMTIg2xANYTmJC/Pl
Static task: static1
Behavioral task: behavioral1 (Sample: file.exe, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: file.exe, Resource: win10v2004-20230220-en)
Malware Config
Extracted: redline
LogsDiller Cloud (TG: @logsdillabot)
51.89.204.181:22299
auth_value: 3a050df92d0cf082b2cdaf87863616be
Targets
Target: file.exe
Size: 1.5MB
MD5: da4360b12f0f88c9b17d67c96505e4c5
SHA1: 1cd70d78a30236f05e0cef16da51df1ad7f77d1a
SHA256: 5bade268b67fbd24241fbc7759697cf2515dc54f4812ffc753e12a3db23945ae
SHA512: 3ad660ac538fb67ef32b8e4bcda5c1983aca9fada3b12357afdd53a0daba38d8def7677f65a91f057834997526ce05295c514e2ae160c5a5895fb3b82ff13e48
SSDEEP: 6144:dsGMTIQl2t9xKQzAAOf6yqTmwMCWE3rlPl:dfMTIg2xANYTmJC/Pl
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext