General
-
Target
fa8bab85d7368e130a5ababcafc8a57e7d1681ced8196790292c5797439c2c22
-
Size
312KB
-
Sample
240418-3bpqksah7y
-
MD5
a037d37588be527d6ab4a8b694008c0d
-
SHA1
bac3e9c35cb809d8db154e82054d01b41af9d5cd
-
SHA256
fa8bab85d7368e130a5ababcafc8a57e7d1681ced8196790292c5797439c2c22
-
SHA512
18f8216e05a19f826db0025ef351a5854e755477639b76eee5d11b9fa0fd28c4c2ab1aa22bc572225ff46e8d5438e039dd5d0b2763a0781245418632e04ac529
-
SSDEEP
6144:QKn43PyXqq7Pul8yG19LQXHl35VlpP6aBGIZ+rbMvfqt3:QKne6XdPullh3lpVviTQ+8vfqt
Static task
static1
Behavioral task
behavioral1
Sample
fa8bab85d7368e130a5ababcafc8a57e7d1681ced8196790292c5797439c2c22.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fa8bab85d7368e130a5ababcafc8a57e7d1681ced8196790292c5797439c2c22.exe
Resource
win10-20240404-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
5.42.65.50:33080
Targets
-
-
Target
fa8bab85d7368e130a5ababcafc8a57e7d1681ced8196790292c5797439c2c22
-
Size
312KB
-
MD5
a037d37588be527d6ab4a8b694008c0d
-
SHA1
bac3e9c35cb809d8db154e82054d01b41af9d5cd
-
SHA256
fa8bab85d7368e130a5ababcafc8a57e7d1681ced8196790292c5797439c2c22
-
SHA512
18f8216e05a19f826db0025ef351a5854e755477639b76eee5d11b9fa0fd28c4c2ab1aa22bc572225ff46e8d5438e039dd5d0b2763a0781245418632e04ac529
-
SSDEEP
6144:QKn43PyXqq7Pul8yG19LQXHl35VlpP6aBGIZ+rbMvfqt3:QKne6XdPullh3lpVviTQ+8vfqt
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-