General
- Target: file.exe
- Size: 488KB
- Sample: 240418-ssf5nahg6y
- MD5: fa4c5f998dce90810c3ae85a896afce7
- SHA1: 551aeaaf52ab289adea17bb5c745b6c87be60f5c
- SHA256: 28874833c76b4054e0d497dbd7ed64b6469a79b509fac6387c9634f6128ab7a9
- SHA512: fbbd183e4aa16a33424a1adf1e18bf4ccb604f14beecc52bb06d56035512ec0cd8e9a0fa5adc03c42dc5dbf64170dd3bb39b96993129ac36ab3b0109222a4e83
- SSDEEP: 12288:6vW6XnWVzxV7k+eUodPV+jk3JhxJaD1Ew2W28ng0UtdouHKxpuSd6teE:6e6G9xhaUoujk5hxj82ig7tZHy
Static task
- static1
Behavioral task
- behavioral1: Sample file.exe, Resource win7-20240221-en
Behavioral task
- behavioral2: Sample file.exe, Resource win10v2004-20240412-en
Malware Config
Extracted
- Family: redline
- Botnet: LogsDiller Cloud (TG: @logsdillabot)
- C2: 5.42.65.50:33080
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext