General
Target: 24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe
Size: 328KB
Sample: 230813-k85tysab92
MD5: f635244249cbfb941d5e731e85317cd7
SHA1: 18348912a1b40a932275dcb2385ff5605d282f7b
SHA256: 24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290
SHA512: 72ce1cd49451009ceb167682079fc1b891d3cb62230c559d7e301dccba226e77e215a35ceac7872ac0c33080454562880bf2c8e8e81ed80b02159dad10edb619
SSDEEP: 6144:e+U+3LlWV4W8wrKLOq/5MDaQV7vhM+4V7StG3Byv:ed+3RWV4W8wrKL15Q9VJ4V7SJ
Static task: static1
Behavioral task: behavioral1
Sample: 24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe
Resource: win7-20230712-en
Malware Config
Extracted
Family: redline
Botnet: LogsDiller Cloud (TG: @logsdillabot)
C2: 51.83.170.21:19447
auth_value: 3a050df92d0cf082b2cdaf87863616be
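The extracted config gives one actionable network indicator, the C2 host:port. The following is an added example (not part of the sandbox report and not the sandbox's own tooling) that turns that config into a match rule, runs it over a few constructed Zeek conn.log rows to show which connections would be flagged, and emits an equivalent Suricata rule. The conn.log rows, the source hosts and the SID range are invented for the demonstration; only the config values come from the report.

```python
"""Network IOC check for the RedLine config extracted above.

Added example using only the standard library; the conn.log excerpt and
the Suricata SID range are assumptions, not data from the report.
"""
import ipaddress

# Values copied from the report's "Malware Config" section.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "LogsDiller Cloud (TG: @logsdillabot)",
    "c2": ["51.83.170.21:19447"],
    "auth_value": "3a050df92d0cf082b2cdaf87863616be",
}

# Constructed Zeek conn.log excerpt (tab-separated). A real conn.log has
# more columns; these seven are its first seven, in this order.
CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1691925600.1\tCq1\t10.0.0.15\t49712\t51.83.170.21\t19447\ttcp
1691925601.2\tCq2\t10.0.0.15\t49713\t142.250.74.78\t443\ttcp
1691925602.3\tCq3\t10.0.0.22\t51000\t51.83.170.21\t80\ttcp
1691925603.4\tCq4\t10.0.0.31\t51010\t51.83.170.21\t19447\ttcp
"""


def c2_endpoints(config):
    """Parse 'host:port' C2 strings into (ip, port) tuples, validating the IP."""
    out = set()
    for entry in config["c2"]:
        host, _, port = entry.rpartition(":")
        out.add((str(ipaddress.ip_address(host)), int(port)))
    return out


def parse_conn_log(text):
    """Yield one dict per data row of a Zeek conn.log, keyed by its #fields line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        yield dict(zip(fields, line.split("\t")))


def match_c2(config, conn_log_text):
    """Return (uid, source host) for TCP connections to a configured C2 endpoint.

    Port is part of the key: the same IP on port 80 (row Cq3) is not a hit,
    because only host:port pairs from the config are treated as C2.
    """
    targets = c2_endpoints(config)
    hits = []
    for row in parse_conn_log(conn_log_text):
        key = (row["id.resp_h"], int(row["id.resp_p"]))
        if row["proto"] == "tcp" and key in targets:
            hits.append((row["uid"], row["id.orig_h"]))
    return hits


def suricata_rules(config, sid_base=9000001):
    """Emit one Suricata rule per C2 endpoint (sid_base is an assumed local SID range)."""
    rules = []
    for i, (ip, port) in enumerate(sorted(c2_endpoints(config))):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"RedLine C2 {config["botnet"]}"; flow:to_server; '
            f'sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for uid, src in match_c2(REDLINE_CONFIG, CONN_LOG):
        print(f"C2 contact: {src} -> conn {uid}")
    print("\n".join(suricata_rules(REDLINE_CONFIG)))
```

Matching on the full host:port pair rather than the bare IP keeps the rule specific to this config; the auth_value is kept in the parsed config for reference but is not a network match key here.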
Targets
Target: 24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first appearing in early 2020. It collects saved browser credentials, cookies, autofill data and cryptocurrency wallet files and sends them to the C2 listed in the extracted config. Signatures triggered by this sample:
- Suspicious use of NtCreateUserProcessOtherParentProcess (process created with a parent other than the caller, i.e. parent PID spoofing)
- Downloads MZ/PE file
- Drops file in Drivers directory
- Stops running service(s)
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger (thread hidden from attached debuggers; anti-analysis)
- Suspicious use of SetThreadContext (thread context rewritten, typical of process hollowing/injection)
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Scheduled Task/Job (T1053): 1
Privilege Escalation
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Scheduled Task/Job (T1053): 1
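The signature list and the ATT&CK mapping above describe host behaviour a defender would want to confirm in their own telemetry. The following is an added example (not the sandbox's detection logic and not code from the report) that runs over a handful of constructed Sysmon-style events and shows how to match the report's SHA256 and correlate the "drops file in Drivers/System32", "executes dropped EXE", "stops running service(s)" and Windows-service persistence behaviours. All pids, paths, service names and event contents are invented for the demonstration; only the SHA256 is taken from the report.

```python
"""Host-side checks for the behaviours and ATT&CK techniques this report lists.

Added example over constructed Sysmon-style events (ID 1 ProcessCreate,
ID 11 FileCreate, ID 13 RegistryValueSet), reduced to the fields used here.
Event contents are invented; only REPORT_SHA256 comes from the report.
"""

REPORT_SHA256 = "24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290"
SAMPLE_NAME = REPORT_SHA256 + "_JC.exe"
SYSTEM32 = "c:\\windows\\system32"
ZERO = "0" * 63  # filler for hashes of the constructed non-sample processes

# Constructed telemetry (not from the report). Sysmon logs hashes in upper
# case as "SHA256=..."; pids, paths and the service name are placeholders.
EVENTS = [
    {"id": 1, "ts": 1, "pid": 4100, "ppid": 3000, "cmd": SAMPLE_NAME,
     "image": "C:\\Users\\u\\Downloads\\" + SAMPLE_NAME,
     "hashes": "SHA256=" + REPORT_SHA256.upper()},
    {"id": 11, "ts": 2, "pid": 4100, "target": "C:\\Users\\u\\AppData\\Local\\Temp\\dropped.exe"},
    {"id": 11, "ts": 3, "pid": 4100, "target": "C:\\Windows\\System32\\drivers\\dropped.sys"},
    {"id": 1, "ts": 4, "pid": 4212, "ppid": 4100, "cmd": "dropped.exe",
     "image": "C:\\Users\\u\\AppData\\Local\\Temp\\dropped.exe", "hashes": "SHA256=" + ZERO + "1"},
    {"id": 13, "ts": 5, "pid": 4212,
     "target": "HKLM\\System\\CurrentControlSet\\Services\\ExampleSvc\\ImagePath",
     "details": "C:\\Users\\u\\AppData\\Local\\Temp\\dropped.exe"},
    {"id": 1, "ts": 6, "pid": 4300, "ppid": 4212, "cmd": "sc stop OtherSvc",
     "image": "C:\\Windows\\System32\\sc.exe", "hashes": "SHA256=" + ZERO + "2"},
    {"id": 1, "ts": 7, "pid": 4400, "ppid": 900, "cmd": "svchost.exe -k netsvcs",
     "image": "C:\\Windows\\System32\\svchost.exe", "hashes": "SHA256=" + ZERO + "3"},
    {"id": 11, "ts": 8, "pid": 4400, "target": "C:\\Windows\\System32\\benign.dll"},
]


def is_system_image(image):
    """True for binaries that live under C:\\Windows (used to whitelist OS writers)."""
    return image.lower().startswith("c:\\windows\\")


def sha256_of(hashes_field):
    """Pull the SHA256 out of a Sysmon 'MD5=..,SHA256=..' hashes field."""
    for part in hashes_field.split(","):
        key, _, value = part.partition("=")
        if key.strip().upper() == "SHA256":
            return value.strip().lower()
    return None


def hash_hits(events, sha256=REPORT_SHA256):
    """pids of processes whose image hash equals the report's SHA256."""
    return [e["pid"] for e in events if e["id"] == 1 and sha256_of(e["hashes"]) == sha256]


def dropped_then_executed(events):
    """(dropper pid, new pid, path) whenever a .exe written earlier is later run."""
    dropped, hits = {}, []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["id"] == 11 and e["target"].lower().endswith(".exe"):
            dropped[e["target"].lower()] = e["pid"]
        elif e["id"] == 1 and e["image"].lower() in dropped:
            hits.append((dropped[e["image"].lower()], e["pid"], e["image"]))
    return hits


def sensitive_dir_writes(events):
    """Writes under System32 (or System32\\drivers) by a writer that is not an OS binary."""
    images = {e["pid"]: e["image"] for e in events if e["id"] == 1}
    hits = []
    for e in events:
        if e["id"] != 11:
            continue
        target = e["target"].lower()
        # An unknown writer (pid without a ProcessCreate) is treated as non-system.
        if target.startswith(SYSTEM32 + "\\") and not is_system_image(images.get(e["pid"], "")):
            area = "drivers" if target.startswith(SYSTEM32 + "\\drivers\\") else "system32"
            hits.append((e["pid"], area, e["target"]))
    return hits


def service_stops(events):
    """sc.exe / net.exe invocations carrying a 'stop' verb."""
    hits = []
    for e in events:
        if e["id"] != 1:
            continue
        exe = e["image"].lower().rsplit("\\", 1)[-1]
        if exe in ("sc.exe", "net.exe", "net1.exe") and "stop" in e["cmd"].lower().split():
            hits.append((e["pid"], e["cmd"]))
    return hits


def service_persistence(events):
    """Service ImagePath values pointing outside C:\\Windows (T1543.003 candidates)."""
    hits = []
    for e in events:
        if e["id"] != 13:
            continue
        key = e["target"].lower()
        binary = e["details"].strip('"')  # ImagePath values are often quoted
        if "\\services\\" in key and key.endswith("\\imagepath") and not is_system_image(binary):
            hits.append((e["pid"], e["target"], binary))
    return hits


if __name__ == "__main__":
    for name, fn in (("report hash", hash_hits), ("dropped exe run", dropped_then_executed),
                     ("system32 writes", sensitive_dir_writes), ("service stops", service_stops),
                     ("service persistence", service_persistence)):
        print(f"{name}: {fn(EVENTS)}")
```

The svchost.exe write to System32 is deliberately left unflagged: the checks key on the writer's image path, so OS components servicing the box do not trip the System32/drivers rule while the sample's driver drop does.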