General
-
Target
c215367f8d70d8eb1d4efb715e6054ab170494ced34549bdd9f3471c43f499de.exe
-
Size
312KB
-
Sample
240417-rz252acd53
-
MD5
4f9183606b4514ab3ba63b19a06663d2
-
SHA1
36b841645374b2b4ce99c6af61d77ac1714876eb
-
SHA256
c215367f8d70d8eb1d4efb715e6054ab170494ced34549bdd9f3471c43f499de
-
SHA512
0cba564de3f89b9b62dfb837275313b64a0852bb1b9bcf93e785c70567bf9fbce91e292fb61d43aa71bc62ff647f2c458f63e95c91b9bfdeb9ff1a1dfb2f8a96
-
SSDEEP
6144:06/goVmKMiCa4GsrduEykH6+bkL6dAti0KLrkoHl8BVmFXYolndcQMR0v8P:0QVd4DXUOAt0k68+FXYopdccvW
Static task
static1
Behavioral task
behavioral1
Sample
c215367f8d70d8eb1d4efb715e6054ab170494ced34549bdd9f3471c43f499de.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
c215367f8d70d8eb1d4efb715e6054ab170494ced34549bdd9f3471c43f499de.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
5.42.65.50:33080
Targets
-
-
Target
c215367f8d70d8eb1d4efb715e6054ab170494ced34549bdd9f3471c43f499de.exe
-
Size
312KB
-
MD5
4f9183606b4514ab3ba63b19a06663d2
-
SHA1
36b841645374b2b4ce99c6af61d77ac1714876eb
-
SHA256
c215367f8d70d8eb1d4efb715e6054ab170494ced34549bdd9f3471c43f499de
-
SHA512
0cba564de3f89b9b62dfb837275313b64a0852bb1b9bcf93e785c70567bf9fbce91e292fb61d43aa71bc62ff647f2c458f63e95c91b9bfdeb9ff1a1dfb2f8a96
-
SSDEEP
6144:06/goVmKMiCa4GsrduEykH6+bkL6dAti0KLrkoHl8BVmFXYolndcQMR0v8P:0QVd4DXUOAt0k68+FXYopdccvW
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-