General
-
Target
file.exe
-
Size
491KB
-
Sample
240419-s62nhsgb72
-
MD5
c9ad12873e4b3f8ae042800ab6ca01b5
-
SHA1
4a687ce2dddd416b7da22724c312588d737b36b1
-
SHA256
3eb812720aa52ff562da685c76976d20a569c2f0a929bde19558bdd4241e9867
-
SHA512
6b4e5a2b296d00bc2179616aaa4a040cc1938872ea9b309683226fe8979c39e6976d3c9980b1983378f081cfd76ce6af37e3b9196fbd05c584caf1e0ddf3e016
-
SSDEEP
12288:Z0fa1MGNMpySMcLnZ+LdfdyQPT7tnirfoCe:ka1zNM3zZIddB7tyQR
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
5.42.65.50:33080
Targets
-
-
Target
file.exe
-
Size
491KB
-
MD5
c9ad12873e4b3f8ae042800ab6ca01b5
-
SHA1
4a687ce2dddd416b7da22724c312588d737b36b1
-
SHA256
3eb812720aa52ff562da685c76976d20a569c2f0a929bde19558bdd4241e9867
-
SHA512
6b4e5a2b296d00bc2179616aaa4a040cc1938872ea9b309683226fe8979c39e6976d3c9980b1983378f081cfd76ce6af37e3b9196fbd05c584caf1e0ddf3e016
-
SSDEEP
12288:Z0fa1MGNMpySMcLnZ+LdfdyQPT7tnirfoCe:ka1zNM3zZIddB7tyQR
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-