General
-
Target
file
-
Size
433KB
-
Sample
240112-l77slaefg8
-
MD5
934a149a5b670c176df9151be74c8b7b
-
SHA1
1801553170cbf0d4511b0e87a3dd8820e5656460
-
SHA256
ab9f7995b911511781cfb226027d60173f2ab8f6482372f51756fa40d93b2f59
-
SHA512
23909b107287dbdc5af70e13488a19465353425b56bc43baccbfc38c901632d5cdca9748fa5bf323686e1c01c13874f4d97511bca7d1e8b93ab4fe52178d82b4
-
SSDEEP
6144:K59M5pbvywa5Tc8QVzMZUi9xKZjIKLBhOILQc/STFloRM213dYBQ2cgyybxFzJeS:f1aN17gZjvBskMhT213Ocgyybxx
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
redline
LogsDiller Cloud (Telegram: @logsdillabot)
195.20.16.168:34926
Targets
-
-
Target
file
-
Size
433KB
-
MD5
934a149a5b670c176df9151be74c8b7b
-
SHA1
1801553170cbf0d4511b0e87a3dd8820e5656460
-
SHA256
ab9f7995b911511781cfb226027d60173f2ab8f6482372f51756fa40d93b2f59
-
SHA512
23909b107287dbdc5af70e13488a19465353425b56bc43baccbfc38c901632d5cdca9748fa5bf323686e1c01c13874f4d97511bca7d1e8b93ab4fe52178d82b4
-
SSDEEP
6144:K59M5pbvywa5Tc8QVzMZUi9xKZjIKLBhOILQc/STFloRM213dYBQ2cgyybxFzJeS:f1aN17gZjvBskMhT213Ocgyybxx
-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-