General
Target: 956c0fd36c2f21f37b8782caa8e5f337dcf9083994c28080d2f42a3a2cfcdbbd.exe
Size: 417KB
Sample: 240417-cct4ksaf43
MD5: cd86be81ddf241013be032803530ddeb
SHA1: d84462a3afb848584ed6e871a3ee02c3213c2c08
SHA256: 956c0fd36c2f21f37b8782caa8e5f337dcf9083994c28080d2f42a3a2cfcdbbd
SHA512: 2779ce00849e22ed68dfa653cdb782c650a0126c3603409610e0499652a72ed0d1635bc3619a93642a49635bfde672428809eb032587f9d458aba59bb466fc57
SSDEEP: 12288:4+Pv3L1UTL073jVoHfO5jN/maLPXjh6np3:vv3L1UT473jVo/KjEgPzs
Static task: static1
Behavioral task: behavioral1
  Sample: 956c0fd36c2f21f37b8782caa8e5f337dcf9083994c28080d2f42a3a2cfcdbbd.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 956c0fd36c2f21f37b8782caa8e5f337dcf9083994c28080d2f42a3a2cfcdbbd.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted
Family: redline
Botnet: LogsDiller Cloud (TG: @logsdillabot)
C2: 5.42.65.50:33080
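The hashes in the General section and the extracted C2 above are the two things an analyst usually carries out of a report like this. The following script is an added example, not part of the sandbox report or of any tooling the report describes: it recomputes MD5/SHA1/SHA256/SHA512 for a file on disk and compares them to the reported values (so a sample pulled from another source can be confirmed to be the same binary), and it turns the RedLine "host:port" string into a validated IOC record. Only the standard library is used; the SSDEEP value is not recomputed because fuzzy hashing needs a third-party library. The REPORTED_HASHES and REPORTED_C2 constants are copied from this page; the function names and the "family"/"kind" fields of the IOC record are this example's own choice.

```python
"""Verify a sample against the hashes reported above and structure the C2 IOC.

Added example, not part of the sandbox report. Standard library only.
"""
import hashlib
import ipaddress
from pathlib import Path

# Hash values copied from the report's General section.
REPORTED_HASHES = {
    "md5": "cd86be81ddf241013be032803530ddeb",
    "sha1": "d84462a3afb848584ed6e871a3ee02c3213c2c08",
    "sha256": "956c0fd36c2f21f37b8782caa8e5f337dcf9083994c28080d2f42a3a2cfcdbbd",
    "sha512": "2779ce00849e22ed68dfa653cdb782c650a0126c3603409610e0499652a72ed0"
              "d1635bc3619a93642a49635bfde672428809eb032587f9d458aba59bb466fc57",
}

# Extracted RedLine C2 exactly as printed in the report.
REPORTED_C2 = "5.42.65.50:33080"

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Return all four digests as lowercase hex, the same form the report uses."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hash objects in a single read pass."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def compare_hashes(computed: dict, reported: dict = REPORTED_HASHES) -> dict:
    """Map each algorithm to True/False. Case-insensitive so pasted values match."""
    return {alg: computed[alg].lower() == reported[alg].lower() for alg in reported}


def parse_c2(value: str) -> dict:
    """Parse a RedLine 'host:port' string into a validated IOC record.

    Raises ValueError when the string is not host:port or the port is not
    in 1-65535. 'kind' is 'ip' for a literal IPv4/IPv6 address, else 'domain'.
    """
    host, sep, port_s = value.rpartition(":")
    if not sep or not port_s.isdigit():
        raise ValueError(f"expected host:port, got {value!r}")
    port = int(port_s)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    host = host.strip("[]")  # accept bracketed IPv6 literals such as [::1]:80
    try:
        ipaddress.ip_address(host)
        kind = "ip"
    except ValueError:
        kind = "domain"
    return {"family": "redline", "host": host, "port": port, "kind": kind}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        result = compare_hashes(hash_file(Path(sys.argv[1])))
        print("all hashes match" if all(result.values()) else f"MISMATCH: {result}")
    print(parse_c2(REPORTED_C2))
```

Run it as `python check_sample.py path/to/sample.exe` (the script name is arbitrary). A mismatch on a single algorithm while the others agree is worth noticing: it usually means a pasted value was truncated or miscopied rather than that the file differs, since a real file difference changes every digest.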
Targets
Target: 956c0fd36c2f21f37b8782caa8e5f337dcf9083994c28080d2f42a3a2cfcdbbd.exe
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext (an API commonly used to redirect execution of a suspended thread, e.g. in process hollowing)