General
Target: 520-94-0x0000000000230000-0x0000000000BA2000-memory.dmp
Size: 9.4MB
Sample: 230328-smjctsdd3x
MD5: e1e56585152a2dcb581105339d0ee454
SHA1: f402d6b874273d99aef0b6db1f49ed12538fea28
SHA256: bbc18dde3ed21e51e97e0187f63a2b8787ef3be6c3070e915497c66bfc179187
SHA512: 1189ad59a3cdbb258f1e73b8c4369502300c3646171fde7fe90dbeb2436a49ddda99fd1d5c39732705a97811f0e6353fcf475626f32cbb70768fa2602cdaac43
SSDEEP: 196608:2QQZN6NLt86pyG1YYR3oSzi6jPdvHa7ZO4N9/YsYWVvT3q:2qNLfS0iSZyFN9gsPb3q
Behavioral task: behavioral1
Sample: 520-94-0x0000000000230000-0x0000000000BA2000-memory.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 520-94-0x0000000000230000-0x0000000000BA2000-memory.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted family: redline
Botnet: LogsDiller Cloud (Telegram: @logsdillabot)
C2: 51.210.161.21:36108
auth_value: c2955ed3813a798683a185a82e949f88
Targets
Target: 520-94-0x0000000000230000-0x0000000000BA2000-memory.dmp
Size and hashes: identical to the General section above.
Signatures:
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.