General

Target: d6448d3082b315cf8dfa2dbbd9962b2c.exe
Size: 342KB
Sample: 230810-r5ab7sfd9x
MD5: d6448d3082b315cf8dfa2dbbd9962b2c
SHA1: 49bfd5dec78118eef7fb377328ef49bfe18063ae
SHA256: 5d6b4e79354059546f003225ed6a08bc4636d66876b714f24440f5568e5e7f81
SHA512: e69d0fbdcb09d2ffdc711668d432d66975d7c654e76854fc6d4112e9a6a0235eef0dc7f1a4f91354a6b16cdb713d2c37c89fe931057b19dfc75009ae648821fa
SSDEEP: 6144:2nK3ahuyufDH2Fgn2inVnJkRXIu9xf2/iwtf1:O+Nyu7WFM2UJMw/iO1
Static task: static1
Behavioral task: behavioral1
Sample: d6448d3082b315cf8dfa2dbbd9962b2c.exe
Resource: win7-20230712-en
Malware Config

Extracted
Family: redline
Botnet: LogsDiller Cloud (TG: @logsdillabot)
C2: 136.244.98.226:33587
auth_value: 3a050df92d0cf082b2cdaf87863616be
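The extracted config and the hashes above are the report's actionable IOCs. The following is an added example (not part of the sandbox report, and not code from the sandbox vendor) showing how an analyst would consume them: parsing the RedLine `host:port` C2 string, matching a file's bytes against the listed hashes, and hunting for the C2 in Zeek-style connection logs. The function names `parse_c2`, `hash_matches` and `find_c2_connections` and the conn.log lines are my own constructions for the demo.

```python
"""Added example, not part of the sandbox report: consume the IOCs the report
extracted (file hashes, RedLine C2) in two checks an analyst would run, hash
matching against files and C2 matching over network connection logs. The log
lines embedded below are constructed for the demo."""
import hashlib
import ipaddress
from typing import Dict, List, Tuple

# File hashes as listed in the report's General section.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "d6448d3082b315cf8dfa2dbbd9962b2c",
    "sha1": "49bfd5dec78118eef7fb377328ef49bfe18063ae",
    "sha256": "5d6b4e79354059546f003225ed6a08bc4636d66876b714f24440f5568e5e7f81",
}
# The C2 string exactly as it appears in the extracted RedLine config.
REPORT_C2 = "136.244.98.226:33587"


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split a RedLine "host:port" C2 string and validate both halves.
    Raises ValueError if the host is not a literal IP or the port is out of range."""
    host, sep, port_s = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 string: {c2!r}")
    host = str(ipaddress.ip_address(host))  # raises ValueError on a non-IP host
    port = int(port_s)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return host, port


def hash_matches(data: bytes) -> Dict[str, bool]:
    """Hash a file's bytes with each algorithm in the report and say which match.
    All three should agree on a genuine copy; a partial match means a bad IOC."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == digest
        for algo, digest in SAMPLE_HASHES.items()
    }


# Constructed Zeek-style conn.log excerpt (tab separated):
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
CONSTRUCTED_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1691676000.10\tCabc1\t10.0.0.5\t49152\t136.244.98.226\t33587\ttcp
1691676001.20\tCabc2\t10.0.0.5\t49153\t93.184.216.34\t443\ttcp
1691676002.30\tCabc3\t10.0.0.7\t49154\t136.244.98.226\t443\ttcp
1691676003.40\tCabc4\t10.0.0.9\t49155\t136.244.98.226\t33587\ttcp
"""


def find_c2_connections(conn_log: str, c2: str = REPORT_C2,
                        any_port: bool = False) -> List[dict]:
    """Return connections whose responder is the C2 host (and port, unless
    any_port=True). The exact host:port pair is the high-fidelity alert; the
    host-only pass is the wider hunt, since the same address may be reused on
    other ports."""
    host, port = parse_c2(c2)
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):  # skip Zeek header lines
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, uid, src, _sport, dst, dport, _proto = fields[:7]
        if dst == host and (any_port or int(dport) == port):
            hits.append({"ts": ts, "uid": uid, "src": src, "dport": int(dport)})
    return hits


if __name__ == "__main__":
    print(parse_c2(REPORT_C2))
    print(hash_matches(b"not the sample"))
    for hit in find_c2_connections(CONSTRUCTED_CONN_LOG, any_port=True):
        print(hit)
```

Running the host-only pass on the constructed log also surfaces the 10.0.0.7 connection on port 443, which the exact-pair match misses; that is the reason to hunt on the host and alert on the pair. Swap `CONSTRUCTED_CONN_LOG` for a real conn.log and `b"not the sample"` for the bytes of a suspect file to use it outside the demo.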
Targets

Target: d6448d3082b315cf8dfa2dbbd9962b2c.exe (342KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Suspicious use of NtCreateUserProcessOtherParentProcess (process created under a different parent, i.e. parent PID spoofing)
- Downloads MZ/PE file
- Drops file in Drivers directory
- Stops running service(s)
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: ThreadHideFromDebugger)
- Suspicious use of SetThreadContext (commonly used for process injection or hollowing)
MITRE ATT&CK Enterprise v15

Persistence
- Create or Modify System Process: Windows Service (1)
- Scheduled Task/Job (1)

Privilege Escalation
- Create or Modify System Process: Windows Service (1)
- Scheduled Task/Job (1)