General
Target: 43866279c665ce788216110e56726c1b82817ab79bbc9c13be309043455a74a4
Size: 343KB
Sample: 230810-s6br4agc3x
MD5: 05110422872ebc723d10a402fdc27a47
SHA1: c06ffb335c9e4fc26d5a15e3347599e061ace2d7
SHA256: 43866279c665ce788216110e56726c1b82817ab79bbc9c13be309043455a74a4
SHA512: dea9eadcd97d4851b7c428c73ded0e32c68eda4a3b986952b6305a4ea3a5ac90073ed4bb9811813c8e73770e5c2a0985e170fb5cdb421fa4b53763779c31c334
SSDEEP: 6144:Cgk+3Y7WfT12E7n1XHs7j/X07eRFCvBVtcIIVMI:3kydfTrBHWk7eohrI
Static task: static1
Behavioral task: behavioral1
Sample: 43866279c665ce788216110e56726c1b82817ab79bbc9c13be309043455a74a4.exe
Resource: win10-20230703-en

Malware Config
Extracted family: redline
LogsDiller Cloud (TG: @logsdillabot)
C2: 136.244.98.226:33587
auth_value: 3a050df92d0cf082b2cdaf87863616be
Targets
Target: 43866279c665ce788216110e56726c1b82817ab79bbc9c13be309043455a74a4 (343KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- Suspicious use of NtCreateUserProcessOtherParentProcess (process created under a parent other than the caller, i.e. parent PID spoofing)
- Downloads MZ/PE file
- Drops file in Drivers directory
- Stops running service(s)
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: the thread is hidden from an attached debugger)
- Suspicious use of SetThreadContext (thread context manipulation, commonly part of process hollowing or code injection)
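The indicators above (file hashes, the extracted C2 endpoint, and the external-IP-lookup behaviour) are the pieces a responder would actually pivot on. The following is an added triage helper, not part of this sandbox report and not code from the RedLine family: it verifies a local copy of the sample against the report's hashes and scans firewall or proxy log lines for the C2 endpoint and for public IP-lookup services. The key=value log format, the IP-lookup host list and the sample log lines are constructed assumptions; only the hashes and the C2 address come from the report.

```python
"""Triage helper built around the indicators in this report.

Added example, not part of the sandbox report and not RedLine code. It:
  1. compares a file on disk against the report's MD5/SHA1/SHA256 (you need
     your own copy of the sample);
  2. scans firewall/proxy log lines for the extracted C2 endpoint and for the
     public IP-lookup services behind the "Looks up external IP address via
     web service" signature.
The key=value log format and the IP-lookup host list are assumptions.
"""
import hashlib
import re
import sys

# Hashes exactly as listed in the report.
REPORT_HASHES = {
    "md5": "05110422872ebc723d10a402fdc27a47",
    "sha1": "c06ffb335c9e4fc26d5a15e3347599e061ace2d7",
    "sha256": "43866279c665ce788216110e56726c1b82817ab79bbc9c13be309043455a74a4",
}

# Extracted RedLine C2 endpoint as listed in the report.
C2_HOST, C2_PORT = "136.244.98.226", 33587

# Public IP-lookup services commonly contacted by stealers (assumption; extend for your environment).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "api.ip.sb", "checkip.amazonaws.com", "icanhazip.com"}

# Assumed log format: "<timestamp> src=<ip> dst=<ip> dport=<port> host=<SNI/HTTP host or ->"
LOG_RE = re.compile(r"dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)(?:\s+host=(?P<host>\S+))?")


def digest_stream(chunks):
    """Compute md5/sha1/sha256 over an iterable of byte chunks in a single pass."""
    digests = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_file(path, chunk_size=1 << 20):
    """Hash a file without loading it fully into memory."""
    with open(path, "rb") as fh:
        return digest_stream(iter(lambda: fh.read(chunk_size), b""))


def compare_to_report(digests):
    """Return {algorithm: (observed, expected)} for every hash that differs from the report.

    An empty dict means the file is the sample this report describes.
    """
    return {
        name: (digests.get(name), expected)
        for name, expected in REPORT_HASHES.items()
        if digests.get(name, "").lower() != expected
    }


def scan_log(lines):
    """Return (line_number, signature) pairs for lines that hit a network indicator.

    'redline_c2'         exact host:port from the extracted config
    'redline_c2_host'    same host on another port (ports rotate; the host still merits an alert)
    'external_ip_lookup' IP-lookup service; weak on its own, strong when followed by C2 traffic
    """
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        dst, dport, host = m["dst"], int(m["dport"]), m["host"]
        if dst == C2_HOST:
            hits.append((lineno, "redline_c2" if dport == C2_PORT else "redline_c2_host"))
        elif host in IP_LOOKUP_HOSTS:
            hits.append((lineno, "external_ip_lookup"))
    return hits


# Constructed sample log (not from the report); RFC 5737 addresses stand in for benign destinations.
SAMPLE_LOG = [
    "2023-08-10T12:00:01Z src=10.0.0.5 dst=192.0.2.10 dport=443 host=www.example.com",
    "2023-08-10T12:00:03Z src=10.0.0.5 dst=192.0.2.20 dport=443 host=api.ipify.org",
    "2023-08-10T12:00:04Z src=10.0.0.5 dst=136.244.98.226 dport=33587 host=-",
    "2023-08-10T12:00:09Z src=10.0.0.5 dst=136.244.98.226 dport=443 host=-",
]


if __name__ == "__main__":
    for lineno, sig in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {sig}")
    if len(sys.argv) > 1:
        mismatches = compare_to_report(hash_file(sys.argv[1]))
        print("matches report" if not mismatches else f"differs: {mismatches}")
```

Run it with the path to your copy of the sample as the only argument to confirm you are looking at the same file the report analysed; the log scan over the constructed lines flags the IP lookup, the exact C2 endpoint and a second connection to the C2 host on a different port. The IP-lookup hit is deliberately kept separate from the C2 hits: on its own it is noise that plenty of legitimate software produces, and it only becomes a strong signal when the same source goes on to contact the C2 host.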