General
- Target: file.exe
- Size: 1.2MB
- Sample: 230311-tb8n1scb41
- MD5: 6d601010d087f1f7ae66ac4aa3c9f1b1
- SHA1: 250580e233b501b7f1f8e74a4ff955a39b4d9f80
- SHA256: ae3085ff3a64910dd1835bf490fb946a3e43bca523642dfa2e4e2a93e128a89b
- SHA512: ad502f46104f52b00f9ceb2ee4432c614b6db1dfd56af3c6b9c5c05265459658eac1ecfd3fe48555094a69eaab1e5b0b5de825b274dc6393c06b51160de9fe58
- SSDEEP: 6144:ViguLqwytKj+4Qc6xDAOLlG6x7WyRiDeY:VfuLqwR+NxDR0Te
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: file.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- LogsDiller Cloud (TG: @logsdillabot)
- 51.89.204.181:22299
- auth_value: 3a050df92d0cf082b2cdaf87863616be
Targets
- Target: file.exe
- Size: 1.2MB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext