General
-
Target
7afdf95356b866cd9655939cece6b4b394aaaada722669db5fd1b324f47171fe
-
Size
992KB
-
Sample
230408-hweqwscb96
-
MD5
d0966ed4ab92da20727b209e46fa8001
-
SHA1
d91b4a235bc0b4ccd81b55daa2443f078084bad3
-
SHA256
7afdf95356b866cd9655939cece6b4b394aaaada722669db5fd1b324f47171fe
-
SHA512
7da4f1d454dcc7a4f2125a057b524a9dba9ae2147848e5b47a01c56eece242d9c92505aa2bf9ab9b9964f7d5fda63e0ca2a39fc1f32ee5b15470d1262ee12006
-
SSDEEP
24576:uTbBv5rUlIMgrjMUHTdv9UeRSdRW4goi3qxNIRBCVqPU+3+MS:QBRMgrjMUHTdSeREXg96DYYqPL
Static task
static1
Behavioral task
behavioral1
Sample
7afdf95356b866cd9655939cece6b4b394aaaada722669db5fd1b324f47171fe.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
7afdf95356b866cd9655939cece6b4b394aaaada722669db5fd1b324f47171fe.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
Family
redline
Botnet
LogsDiller Cloud (TG: @logsdillabot)
C2
51.89.204.181:22299
-
auth_value
3a050df92d0cf082b2cdaf87863616be
Targets
-
-
Target
7afdf95356b866cd9655939cece6b4b394aaaada722669db5fd1b324f47171fe
-
Size
992KB
-
MD5
d0966ed4ab92da20727b209e46fa8001
-
SHA1
d91b4a235bc0b4ccd81b55daa2443f078084bad3
-
SHA256
7afdf95356b866cd9655939cece6b4b394aaaada722669db5fd1b324f47171fe
-
SHA512
7da4f1d454dcc7a4f2125a057b524a9dba9ae2147848e5b47a01c56eece242d9c92505aa2bf9ab9b9964f7d5fda63e0ca2a39fc1f32ee5b15470d1262ee12006
-
SSDEEP
24576:uTbBv5rUlIMgrjMUHTdv9UeRSdRW4goi3qxNIRBCVqPU+3+MS:QBRMgrjMUHTdSeREXg96DYYqPL
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. It harvests saved browser credentials, cookies, cryptocurrency wallets and other host data and sends them to the C2 endpoint carried in its configuration (here 51.89.204.181, TCP port 22299).
-
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check so the sample can refuse to run in countries the operator excludes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
SetThreadContext on a thread of another process is the core step of process hollowing and similar injection; together with the dropped EXE this indicates the stealer payload is likely injected into a freshly started process rather than run directly.
-
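The signatures above are behaviour matches over the sandbox's event stream, and the extracted config gives a concrete network IOC to pair with them. The following is an added example, not code from the report or the sandbox: it replays a constructed event log (registry reads, file drops, process and image loads, API calls, connections) through simple implementations of each listed signature plus a C2 match on the extracted 51.89.204.181:22299 endpoint. The event schema, the `Control Panel\International\Geo` registry path used for the geofence check and the cross-process rule for SetThreadContext are assumptions made for illustration.

```python
"""Replay constructed sandbox events through the behaviour signatures listed in this report."""
import re

# C2 endpoint from the extracted RedLine config above: (host, port).
REDLINE_C2 = {("51.89.204.181", 22299)}

# Assumption: a geofence check reads the configured location under
# HKCU\Control Panel\International\Geo (Nation / Name values).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\b", re.IGNORECASE)

# Constructed event stream for illustration; not the sandbox's real log.
SAMPLE_EVENTS = [
    {"type": "reg_read", "pid": 1234, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_write", "pid": 1234, "path": r"C:\Users\user\AppData\Local\Temp\abc.exe"},
    {"type": "file_write", "pid": 1234, "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "proc_create", "pid": 1234, "child_pid": 2345,
     "image": r"C:\Users\user\AppData\Local\Temp\abc.exe"},
    {"type": "load_image", "pid": 2345, "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "api_call", "pid": 2345, "api": "SetThreadContext", "target_pid": 3456},
    {"type": "net_connect", "pid": 3456, "dst": "51.89.204.181", "port": 22299},
]


def sig_checks_location(events):
    """Registry reads of the machine's configured country/location."""
    return [e["key"] for e in events
            if e["type"] == "reg_read" and GEO_KEY_RE.search(e["key"])]


def sig_executes_dropped_exe(events):
    """Process creation whose image was written earlier in the same run."""
    dropped, hits = set(), []
    for e in events:
        if e["type"] == "file_write":
            dropped.add(e["path"].lower())
        elif e["type"] == "proc_create" and e["image"].lower() in dropped:
            hits.append(e["image"])
    return hits


def sig_loads_dropped_dll(events):
    """Image load of a .dll that was written earlier in the same run."""
    dropped, hits = set(), []
    for e in events:
        if e["type"] == "file_write":
            dropped.add(e["path"].lower())
        elif (e["type"] == "load_image" and e["path"].lower().endswith(".dll")
              and e["path"].lower() in dropped):
            hits.append(e["path"])
    return hits


def sig_setthreadcontext(events):
    """SetThreadContext aimed at another process (hollowing/injection tell).

    Assumption: calls on the caller's own threads are treated as benign, since
    debuggers and exception handlers use them routinely.
    """
    return [(e["pid"], e["target_pid"]) for e in events
            if e["type"] == "api_call" and e["api"] == "SetThreadContext"
            and e["target_pid"] != e["pid"]]


def sig_c2_contact(events, c2=REDLINE_C2):
    """Outbound connection to an endpoint from the extracted config."""
    return [(e["dst"], e["port"]) for e in events
            if e["type"] == "net_connect" and (e["dst"], e["port"]) in c2]


SIGNATURES = {
    "Checks computer location settings": sig_checks_location,
    "Executes dropped EXE": sig_executes_dropped_exe,
    "Loads dropped DLL": sig_loads_dropped_dll,
    "Suspicious use of SetThreadContext": sig_setthreadcontext,
    "Contacts extracted RedLine C2": sig_c2_contact,
}


def run_signatures(events):
    """Return {signature name: evidence} for every signature that fired."""
    hits = {}
    for name, fn in SIGNATURES.items():
        evidence = fn(events)
        if evidence:
            hits[name] = evidence
    return hits


if __name__ == "__main__":
    for name, evidence in run_signatures(SAMPLE_EVENTS).items():
        print(f"[+] {name}: {evidence}")
```

The dropped-file signatures are evaluated in event order, so an image that is executed before it is written does not count as dropped; real sandbox signatures also key on the writing process, which this simplified version omits.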