General
Target: e723a885c956656a53216d854afcc6de
Size: 1.5MB
Sample: 230320-aqdbwaah23
MD5: e723a885c956656a53216d854afcc6de
SHA1: 845f8b52510c1714e2f5585edc028b19a90b6b33
SHA256: ef29ff02580dea58092f579ac3fa01f9cd6acba051b430d174dc417b9b73a715
SHA512: 1031f1102731bea5bc78de0902aeb0517b34518077013ec1a1af1abbb1d59834a99f31f680b65567c874ae7f5880426154fc09b1d665d73fb39dea503d03fcc9
SSDEEP: 24576:0NA3R5drX/WCaG+q5Pr6q05Eu83pOB08yygFI2xjdgqAaxwk6zTl+TI926ISnEo:V5OCaG+/+t3H8ydVjd3AauTY6IQEo
Static task: static1
Behavioral task: behavioral1
  Sample: e723a885c956656a53216d854afcc6de.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: e723a885c956656a53216d854afcc6de.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
LogsDiller Cloud (TG: @logsdillabot)
51.89.204.181:22299
auth_value: 3a050df92d0cf082b2cdaf87863616be
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext