General
Target: 123.exe
Size: 1.2MB
Sample: 230303-myz7tsgf3v
MD5: 8494ca7ab9449d75b140c54e991728a5
SHA1: 15f141e605256e13efc543a2db1b672d1df3b8bf
SHA256: cea75be39f6e0ba0a4d42a5d00ae4b4cfade28e7ed28d7fb28bc41bbb3bd4734
SHA512: 827868f9e1c13800942782ccaa46730f02cd9741596a1e38e65cb061d4cc5d9a4317caeedb99b5509b76e473c81439a11ddbb1a2292e8e3d1da0ad55cd20994a
SSDEEP: 6144:FtrS3bB2cu6reOGSAOykliQ0WTUkE4zgiQ:i3bBbqSIkliTWokE48i
Static task: static1
Behavioral task: behavioral1 (sample 123.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample 123.exe, resource win10v2004-20230220-en)
Malware Config
Extracted family: redline
Botnet (build name): LogsDiller Cloud (TG: @logsdillabot)
C2: 51.89.204.181:22299
auth_value: 3a050df92d0cf082b2cdaf87863616be
Targets
Target: 123.exe (1.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext: this API overwrites the register state of a thread in another process (typically one created suspended) and is the step that redirects execution into injected code in process hollowing and thread-hijacking injection, so it usually points at a loader stage rather than at the stealer logic itself.
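The report's value to a responder is its indicators: the four file digests and the extracted RedLine C2. The block below, an added example that is not part of the sandbox report or of any RedLine tooling, turns them into checks: it validates the C2 string from the config, computes the same digest set over a candidate file and compares every algorithm against the report (one mismatch is a different file, whatever MD5 says), searches connection logs for traffic to the C2 host, and emits a Suricata rule for it. The hash values and the C2 are taken from the report; the log lines, the log layout and the Suricata sid are constructed for illustration.

```python
"""Checks built from the indicators in the sandbox report above.

Added example, not part of the sandbox report. Hash values and the
RedLine config come from the report; SAMPLE_LOG_LINES and the sid
in suricata_rule() are constructed/assumed for illustration.
"""
import hashlib
import ipaddress
import re

# Digests as listed in the report.
REPORTED_HASHES = {
    "md5": "8494ca7ab9449d75b140c54e991728a5",
    "sha1": "15f141e605256e13efc543a2db1b672d1df3b8bf",
    "sha256": "cea75be39f6e0ba0a4d42a5d00ae4b4cfade28e7ed28d7fb28bc41bbb3bd4734",
    "sha512": "827868f9e1c13800942782ccaa46730f02cd9741596a1e38e65cb061d4cc5d9a4317caeedb99b5509b76e473c81439a11ddbb1a2292e8e3d1da0ad55cd20994a",
}

# Extracted config as listed in the report.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "LogsDiller Cloud (TG: @logsdillabot)",
    "c2": "51.89.204.181:22299",
    "auth_value": "3a050df92d0cf082b2cdaf87863616be",
}

# Constructed firewall log lines (not from the report) in an assumed
# "<time> <action> <src ip>:<port> -> <dst ip>:<port> <proto>" layout.
SAMPLE_LOG_LINES = [
    "2023-03-03T12:00:01Z ALLOW 10.0.0.5:49812 -> 51.89.204.181:22299 tcp",
    "2023-03-03T12:00:02Z ALLOW 10.0.0.5:49813 -> 142.250.74.78:443 tcp",
    "2023-03-03T12:00:03Z DENY 10.0.0.9:51000 -> 51.89.204.181:80 tcp",
    "2023-03-03T12:00:04Z ALLOW 10.0.0.7:49814 -> 10.0.0.1:53 udp",
]

_CONN_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def parse_c2(c2: str) -> tuple[str, int]:
    """Split an extracted 'ip:port' C2 and reject anything that is not a
    real address and port; config extractors can emit truncated or decoy
    strings and those must not become blocking rules."""
    host, sep, port = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 value {c2!r}")
    host = host.strip("[]")
    ipaddress.ip_address(host)  # raises ValueError on junk
    port_n = int(port)
    if not 0 < port_n < 65536:
        raise ValueError(f"port out of range in {c2!r}")
    return host, port_n


def digests(data: bytes) -> dict[str, str]:
    """Compute every digest the report lists in one pass over the bytes."""
    hashers = {name: hashlib.new(name) for name in REPORTED_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def file_digests(path: str) -> dict[str, str]:
    """Same digest set, streamed from disk so large samples need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in REPORTED_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(found: dict[str, str]) -> dict[str, bool]:
    """Per-algorithm match against the report. Treat any single False as
    'different file': a collision on MD5 alone proves nothing."""
    return {name: found.get(name, "").lower() == ref for name, ref in REPORTED_HASHES.items()}


def find_c2_connections(lines, c2: str) -> list[dict]:
    """Return connections whose destination is the C2 host. Matching on the
    IP alone also catches the same server on another port; port_match tells
    the analyst whether the observed port is the one in the config."""
    c2_ip, c2_port = parse_c2(c2)
    hits = []
    for n, line in enumerate(lines, 1):
        m = _CONN_RE.search(line)
        if m and m["dst"] == c2_ip:
            dport = int(m["dport"])
            hits.append({"line": n, "src": m["src"], "dport": dport,
                         "port_match": dport == c2_port})
    return hits


def suricata_rule(c2: str, sid: int = 9000001) -> str:
    """Emit a Suricata rule for the C2 endpoint (the sid is an assumed local value)."""
    ip, port = parse_c2(c2)
    return (f'alert tcp $HOME_NET any -> {ip} {port} (msg:"RedLine C2 '
            f'{REDLINE_CONFIG["botnet"]}"; flow:to_server; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_LOG_LINES, REDLINE_CONFIG["c2"]):
        print(hit)
    print(suricata_rule(REDLINE_CONFIG["c2"]))
```

To check a file you have on hand against this report, call `compare_to_report(file_digests("123.exe"))`; the port-level distinction in `find_c2_connections` matters because RedLine operators reuse hosts across builds, so a hit on the IP with a different port is still worth a look even though it does not match this sample's config.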