General
-
Target
7688a3598308938d277b9e7f74b7856886559ea7f27dc109f0c6862d2a43140c
-
Size
309KB
-
Sample
240417-pm43ragd21
-
MD5
18f36c04d44d8e2a2302803dd214d23a
-
SHA1
25024938afedd7ec5b1cd5bf56600a576a59f66d
-
SHA256
7688a3598308938d277b9e7f74b7856886559ea7f27dc109f0c6862d2a43140c
-
SHA512
51a404f036fbfa5c3fc6bd91086b71edcaba6d2c3d2cb1aeb55a4f38aa7b5c6fd55fad0e7fa8ccb0d55fefe6279f4235fbcc92139d72a1964dde22914f7ca926
-
SSDEEP
6144:Ntl1eHeQ+Z4SLoKy7PTcj++jZAkHMemF4emZ:Ntl1eeQ+/LkPAq+jZ9M9F4emZ
Static task
static1
Behavioral task
behavioral1
Sample
c215367f8d70d8eb1d4efb715e6054ab170494ced34549bdd9f3471c43f499de.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c215367f8d70d8eb1d4efb715e6054ab170494ced34549bdd9f3471c43f499de.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
5.42.65.50:33080
Targets
-
-
Target
c215367f8d70d8eb1d4efb715e6054ab170494ced34549bdd9f3471c43f499de.exe
-
Size
312KB
-
MD5
4f9183606b4514ab3ba63b19a06663d2
-
SHA1
36b841645374b2b4ce99c6af61d77ac1714876eb
-
SHA256
c215367f8d70d8eb1d4efb715e6054ab170494ced34549bdd9f3471c43f499de
-
SHA512
0cba564de3f89b9b62dfb837275313b64a0852bb1b9bcf93e785c70567bf9fbce91e292fb61d43aa71bc62ff647f2c458f63e95c91b9bfdeb9ff1a1dfb2f8a96
-
SSDEEP
6144:06/goVmKMiCa4GsrduEykH6+bkL6dAti0KLrkoHl8BVmFXYolndcQMR0v8P:0QVd4DXUOAt0k68+FXYopdccvW
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-