General
- Target: 93.exe
- Size: 992KB
- Sample: 230319-b1zhjaed48
- MD5: ef96161362524c8c286e952471f9fa1a
- SHA1: fe32786fce97cc4f6a95ced4e575c5e5c085edb1
- SHA256: d11d05f8a25f446990e9e2d7ea4040829d529371622068e2192395f44566d77c
- SHA512: e3ffcebb0aff06903de5270f769d2058f9963860eb3f5b382bb73236e659c9af68bb43f91ff0ab1fd2049fdefedeca3b7de949d969670b606bd5314580499b75
- SSDEEP: 24576:KTbBv5rUlIeORxtCYuAgOnouRgSc0YZZMyV9Y7j/ikiHTV4B:8BRe2xYVj+g1zMyVe7jZkTm
Static task: static1
Behavioral task: behavioral1 (Sample: 93.exe, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: 93.exe, Resource: win10v2004-20230220-en)
Malware Config
- Extracted: redline
- LogsDiller Cloud (Buy Sub: @logsdillabot)
- 51.89.204.181:22299
- auth_value: c58b36bf9ece1a6b9aa0c5080c9f7a04
Targets
- Target: 93.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext