General
- Target: file
- Size: 1.2MB
- Sample: 240423-sqjg1ahd57
- MD5: f1662fbb012843190b9ad18c76d0141f
- SHA1: 996d7ca6229cedbebde5a0bf7bb67c635bf7b279
- SHA256: d6016d6c87d7f59a478fe33ccff3a34e86de50b8700167b161da920561598669
- SHA512: 8265cf665bd763cdd30b29086bd6fe51d27f182db8fd92bb42dbed4c38dd03b2e5460366b107a48daab0f10c3c27962a4209d1000f1a1de8dd2007eae415697c
- SSDEEP: 24576:Msxl3hAS7tUhU5M/i8t7avB+eU/SvHNmCftCLRoa:Mi9tUhU5M/y4tSHC

Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: file.exe
- Resource: win10v2004-20240412-en

Malware Config
Extracted: redline
- LogsDiller Cloud (TG: @logsdillabot)
- 5.42.65.96:28380
Targets
- Target: file
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext