General
Target: 244982d45d69eff9af5620eed85c3ec725f7446b50ba3ac64ec2ca883c5f4444.exe
Size: 1.5MB
Sample: 230405-m6zk9sea73
MD5: 46483fa7468e34ce2ddf1f89c282c8c9
SHA1: 0dd6b938c8e5c5c1702b9d5929b8cee6b694855b
SHA256: 244982d45d69eff9af5620eed85c3ec725f7446b50ba3ac64ec2ca883c5f4444
SHA512: 5b580a5bddba8837cfdda63eb1cc04c612a239ea08bac187e8968eff0f983a9ecede552639539047533db951c76456f869ec5f97a11bb24fb17df470aa2eba38
SSDEEP: 24576:0NA3R5drX/Wb4b7hdC6fAU6B/AqoUiB7SMoildKv2hJVffhG/8ertiytCv2nUeTE:V5Obuhh44PB77JVI8eJiywqV2pR/
Static task: static1
Behavioral task: behavioral1, sample 244982d45d69eff9af5620eed85c3ec725f7446b50ba3ac64ec2ca883c5f4444.exe, resource win7-20230220-en
Behavioral task: behavioral2, sample 244982d45d69eff9af5620eed85c3ec725f7446b50ba3ac64ec2ca883c5f4444.exe, resource win10v2004-20230220-en
Malware Config
Extracted family: redline
Botnet tag: LogsDiller Cloud (TG: @logsdillabot)
C2: 51.89.204.181:22299
auth_value: 3a050df92d0cf082b2cdaf87863616be
Targets
Target: 244982d45d69eff9af5620eed85c3ec725f7446b50ba3ac64ec2ca883c5f4444.exe (1.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020. The extracted configuration above (C2 51.89.204.181:22299, botnet tag "LogsDiller Cloud (TG: @logsdillabot)", auth_value) is what ties this sample to the family; the C2 address and port are the most directly actionable indicators in this report.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence. Stealers commonly use this to refuse to run in certain regions, so a sandbox configured with one of those locales may show no further behaviour at all.
Executes dropped EXE: The sample writes a second executable to disk and runs it.
Loads dropped DLL: A DLL written to disk by the sample is loaded into a process.
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP. The report does not name the service, so this is only a weak indicator on its own; it is useful when correlated per process with the C2 connection above.
Suspicious use of SetThreadContext: Calling SetThreadContext on another process's thread is the classic final step of process hollowing (create a process suspended, overwrite its image with the payload, repoint the thread's entry point, resume). Together with the dropped EXE this suggests the stealer payload runs inside a hollowed host process, so host-based detection should key on the process that actually makes the network connections rather than on the original file name.
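The Malware Config and the signatures above can be turned into a small per-process triage check. The following is an added example and is not part of the sandbox report or of any vendor tool: it takes the C2 address, port and sample hashes verbatim from this report, matches them over constructed telemetry in a hypothetical `ts key=value ...` event format (real Sysmon, EDR or Zeek fields differ), and raises the verdict only when one process both performed an external IP lookup and reached the C2. The list of IP lookup hosts is an assumption, since the report does not name the service the sample used.

```python
import re
from collections import defaultdict

# Indicators copied verbatim from the report's General and Malware Config sections.
REDLINE_C2 = ("51.89.204.181", 22299)
SAMPLE_SHA256 = "244982d45d69eff9af5620eed85c3ec725f7446b50ba3ac64ec2ca883c5f4444"
SAMPLE_MD5 = "46483fa7468e34ce2ddf1f89c282c8c9"

# Assumption: the report only says "a legitimate IP lookup service"; these are
# common ones and serve as an illustrative list of lookup hosts to flag.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com",
                   "icanhazip.com", "checkip.amazonaws.com"}

# Hypothetical event format: '<ts> k=v k=v ...'; values may be double-quoted.
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Parse one event line into a dict; the first token is the timestamp."""
    ts, _, rest = line.strip().partition(" ")
    ev = {"ts": ts}
    for key, val in _KV.findall(rest):
        ev[key] = val.strip('"')
    return ev


def classify(ev):
    """Return the names of the report indicators this event matches (possibly none)."""
    hits = []
    if (ev.get("sha256", "").lower() == SAMPLE_SHA256
            or ev.get("md5", "").lower() == SAMPLE_MD5):
        hits.append("known_sample_hash")
    if ev.get("query", "").lower() in IP_LOOKUP_HOSTS:
        hits.append("external_ip_lookup")
    dst = ev.get("dst")
    if dst:
        host, _, port = dst.rpartition(":")
        if port.isdigit() and (host, int(port)) == REDLINE_C2:
            hits.append("redline_c2")
    return hits


def triage(lines):
    """Group indicator hits by (host, pid) so the whole chain per process is visible."""
    chains = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        for tag in classify(ev):
            chains[(ev.get("host"), ev.get("pid"))].append(tag)
    return dict(chains)


def verdict(chains):
    """A process that reached the C2 is a high-confidence RedLine infection;
    a lone IP lookup or a hash match is only suspicious until correlated."""
    out = {}
    for key, tags in chains.items():
        if "redline_c2" in tags:
            out[key] = "infected"
        elif "external_ip_lookup" in tags or "known_sample_hash" in tags:
            out[key] = "suspicious"
    return out


# Constructed sample telemetry, not from the sandbox run. WS02's chrome.exe
# performs a benign IP lookup to show that the lookup alone does not convict;
# 203.0.113.10 is a documentation (TEST-NET-3) address.
SAMPLE_LOG = """\
2023-04-05T13:02:05Z host=WS01 pid=4120 proc=244982d45d69eff9af5620eed85c3ec725f7446b50ba3ac64ec2ca883c5f4444.exe sha256=244982d45d69eff9af5620eed85c3ec725f7446b50ba3ac64ec2ca883c5f4444
2023-04-05T13:02:09Z host=WS01 pid=4120 proc=sample.exe query=api.ipify.org
2023-04-05T13:02:11Z host=WS01 pid=4120 proc=sample.exe dst=51.89.204.181:22299 proto=tcp
2023-04-05T13:05:40Z host=WS02 pid=988 proc=chrome.exe query=ipinfo.io
2023-04-05T13:06:02Z host=WS02 pid=988 proc=chrome.exe dst=203.0.113.10:443 proto=tcp
"""

if __name__ == "__main__":
    for key, result in verdict(triage(SAMPLE_LOG.splitlines())).items():
        print(key, result)
```

Keying the chain on (host, pid) rather than on the file name is deliberate: because the sample uses SetThreadContext, the connections may come from a hollowed host process whose name has nothing to do with the dropped file, and the hash event alone would never link the two.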