General
- Target: bd308fdc3dad7b71a15b2ab609a49922.exe
- Size: 997KB
- Sample: 230324-hcxscscf83
- MD5: bd308fdc3dad7b71a15b2ab609a49922
- SHA1: 4f6a6cc92d2fdc3b1c7caaacdb4dfbceeb7329a9
- SHA256: 90655e3b08fb570c3a012f636be8480f8b3a6eace0c39ecb92cddc5e860bc240
- SHA512: c792a1559d1b9cb83c013b28627a1e13c124289de8f07979ea4ced1f748b875851ace976f836a1814df965465adc855693915f627560274392ac48f95648fbc2
- SSDEEP: 12288:FToPWBv/cpGrU3yDT+tjI9tnj1i2+Qrm0OodmKiZ3yxSxiWuq9Hz9MX3oXjJ3LHV:FTbBv5rUlIfj1z+EmcdDykqvTJbHnV
Tasks
- Static task: static1
- Behavioral task: behavioral1 (sample: bd308fdc3dad7b71a15b2ab609a49922.exe, resource: win7-20230220-en)
- Behavioral task: behavioral2 (sample: bd308fdc3dad7b71a15b2ab609a49922.exe, resource: win10v2004-20230220-en)
Malware Config
- Extracted family: redline
- Botnet: LogsDiller Cloud (TG: @logsdillabot)
- C2: 51.210.161.21:36108
- auth_value: 3a050df92d0cf082b2cdaf87863616be
Targets
- Target: bd308fdc3dad7b71a15b2ab609a49922.exe
- Size: 997KB
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext