General
Target: 2bd999eaee31ea5fadf06fa97bb96d88.exe
Size: 1.1MB
Sample: 230314-xmg7zshc53
MD5: 2bd999eaee31ea5fadf06fa97bb96d88
SHA1: f312c1506848d4cf648286ee7e79c5562e112683
SHA256: a52dd05dfaa0f47bc084584db0f2ada790764b6332ec85cb36ae1301aa72af5f
SHA512: 72cfb60ea3fe021759724030a062efb43aa2005996b03fc7d1d5c1bb8ab7bf4bd93f30bc08aeedf10139dc282b3b66c6ece768237e2489663f175c0e02702f38
SSDEEP: 6144:DQInIYF4l9rZmvvCjAO9V0UHk8CnTErrFnPPdWYwmwLI:DD1Gl9rtnrZh5wc
Static task: static1
Behavioral task: behavioral1
Sample: 2bd999eaee31ea5fadf06fa97bb96d88.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 2bd999eaee31ea5fadf06fa97bb96d88.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
51.89.204.181:22299
auth_value: 3a050df92d0cf082b2cdaf87863616be
Targets
Target: 2bd999eaee31ea5fadf06fa97bb96d88.exe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext