General
-
Target
file.exe
-
Size
310KB
-
Sample
240407-zqe8xaef29
-
MD5
b1284512da39510cfad55c9d000c6973
-
SHA1
3fd55ac23698711601535781153a1047b4f9a65b
-
SHA256
d120ced38346298e6050d82c112c10fabbbd240b759212b545658c0e9289165b
-
SHA512
900ec06137461241e8cc428fab2d0dc2620f23d58db0b1306c08e7f1c83e1c36d12c0391b5ef8d3c3257eff50ecfd45e510b347c9479d1b3b9a889a491d8762b
-
SSDEEP
6144:jB3dEsS3I3j8RMQ+RILLh/AYOOifna9WaKYtcfVByVxckHOT6I6Fqb:jJdEA4V+Ro5OGW5IO/y4kuTwA
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
5.42.65.0:29587
Targets
-
-
Target
file.exe
-
Size
310KB
-
MD5
b1284512da39510cfad55c9d000c6973
-
SHA1
3fd55ac23698711601535781153a1047b4f9a65b
-
SHA256
d120ced38346298e6050d82c112c10fabbbd240b759212b545658c0e9289165b
-
SHA512
900ec06137461241e8cc428fab2d0dc2620f23d58db0b1306c08e7f1c83e1c36d12c0391b5ef8d3c3257eff50ecfd45e510b347c9479d1b3b9a889a491d8762b
-
SSDEEP
6144:jB3dEsS3I3j8RMQ+RILLh/AYOOifna9WaKYtcfVByVxckHOT6I6Fqb:jJdEA4V+Ro5OGW5IO/y4kuTwA
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-