General
Target: 367d2756c150660b8a10eb4cc9b9156c
Size: 931KB
Sample: 230320-am1yrsag83
MD5: 367d2756c150660b8a10eb4cc9b9156c
SHA1: fbecfbef0552baf1e1d020111e682c28c447550d
SHA256: eafe8943fb59601a8fde733bca989392136027e61bf84210ff2cfa95a124e581
SHA512: 67e1d25a9f1f381a54102c8afc9d8ad81dc8119167ebe01031cb8f81cf528b679c3afd559147148565ee307a0dc0d8e166d1ea129d08242941fe2eb04102a365
SSDEEP: 24576:0NA3R5drX/WpprqbVBnEv32hU40T96UQU7:V5OppCNEv3jn6U/7

Static task
static1

Behavioral task
behavioral1
Sample: 367d2756c150660b8a10eb4cc9b9156c.exe
Resource: win7-20230220-en

Behavioral task
behavioral2
Sample: 367d2756c150660b8a10eb4cc9b9156c.exe
Resource: win10v2004-20230220-en

Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
51.89.204.181:22299
auth_value: 3a050df92d0cf082b2cdaf87863616be
Targets
Target: 367d2756c150660b8a10eb4cc9b9156c

Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext