General
-
Target
c7905221702ab47703f2465d954ab10f242ba6d1a76aa8b09930be1db42fa9a3
-
Size
309KB
-
Sample
240417-ptre8sgg8v
-
MD5
b382479d79caf7467a79fc82d1cf0eb7
-
SHA1
b718c05e85b5ec691030a422fbe45f7be30446c9
-
SHA256
c7905221702ab47703f2465d954ab10f242ba6d1a76aa8b09930be1db42fa9a3
-
SHA512
8ebbd756d7ae63baa726e9848b45d4a5a1cc50b4e0d3537597219ad8fae47fd6dcc7e7b54ffec43951d3a359da377fcc18edca8b030f00d94121bbe025afa0c5
-
SSDEEP
6144:nI89/DOxwO4tbgjM8BM9+t+wPJQ7JLzxvcFexJL7PJOHnQ9tZ3FHuw6svkd+:pByxcbDgM9+pJ25zxkFgJLLJvthArd+
Static task
static1
Behavioral task
behavioral1
Sample
fa8bab85d7368e130a5ababcafc8a57e7d1681ced8196790292c5797439c2c22.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fa8bab85d7368e130a5ababcafc8a57e7d1681ced8196790292c5797439c2c22.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
5.42.65.50:33080
Targets
-
-
Target
fa8bab85d7368e130a5ababcafc8a57e7d1681ced8196790292c5797439c2c22.exe
-
Size
312KB
-
MD5
a037d37588be527d6ab4a8b694008c0d
-
SHA1
bac3e9c35cb809d8db154e82054d01b41af9d5cd
-
SHA256
fa8bab85d7368e130a5ababcafc8a57e7d1681ced8196790292c5797439c2c22
-
SHA512
18f8216e05a19f826db0025ef351a5854e755477639b76eee5d11b9fa0fd28c4c2ab1aa22bc572225ff46e8d5438e039dd5d0b2763a0781245418632e04ac529
-
SSDEEP
6144:QKn43PyXqq7Pul8yG19LQXHl35VlpP6aBGIZ+rbMvfqt3:QKne6XdPullh3lpVviTQ+8vfqt
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-