General

Target: d1f49df89aca3edea95b6cea14f288c084c17c7acdef5b701a3820f6ea122f8b
Size: 702KB
Sample: 230922-ewxpxsch4t
MD5: 05015e867556f115a954724cdfd8ef0c
SHA1: b6170879fc31663cb4f74c5c397875a0ed22bb5e
SHA256: d1f49df89aca3edea95b6cea14f288c084c17c7acdef5b701a3820f6ea122f8b
SHA512: 3b040e8022eef2c902714cb2bf0b51bc73354008b07afcb9ed310493c1f5895a0aed9b2543dcb66db020dece48bbc9f6c0e79b0ee0fc932fb96f057b031dc0ed
SSDEEP: 6144:i42shISlGy/QgBhgPfgjadztfdeVc4uVQfo2V2Q+KfuJxxREfdacUUq1csC:h2shISH/QgoPfg44uVQfoC2Q+guqAC
Static task: static1

Behavioral task: behavioral1
Sample: d1f49df89aca3edea95b6cea14f288c084c17c7acdef5b701a3820f6ea122f8b.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: d1f49df89aca3edea95b6cea14f288c084c17c7acdef5b701a3820f6ea122f8b.exe
Resource: win10-20230915-en
Malware Config

Extracted: redline
LogsDiller Cloud (TG: @logsdillabot)
51.38.95.107:42494
auth_value: 3a050df92d0cf082b2cdaf87863616be
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext