General
-
Target
cb8919dfe48ae301848c3d3bc79db7c24b40cdf044ceadbb0b21c0301d8b80b8
-
Size
469KB
-
Sample
240423-x91b3sbb5z
-
MD5
a1d0144edede68512a25d98dd2f4be2e
-
SHA1
ceaf8a8965f8584ed65940f473d78887a9719da3
-
SHA256
cb8919dfe48ae301848c3d3bc79db7c24b40cdf044ceadbb0b21c0301d8b80b8
-
SHA512
b5ee4228f0d6b09f693b875290df218e5c58be44ca148b4a3d88963179e803ac57e8a15d9a8289b28dda714d600c70f884474dfb051d8be1ce6d3e65fe889ee4
-
SSDEEP
12288:KlBmLXXLvvEYDha1nYP86FgqpVN8AIA3nGTIpT:oKXLvvEihaKFFPBjT
Static task
static1
Behavioral task
behavioral1
Sample
cb8919dfe48ae301848c3d3bc79db7c24b40cdf044ceadbb0b21c0301d8b80b8.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral2
Sample
cb8919dfe48ae301848c3d3bc79db7c24b40cdf044ceadbb0b21c0301d8b80b8.exe
Resource
win11-20240412-en
Malware Config
Extracted
redline
LogsDiller Cloud (Telegram: @logsdillabot)
5.42.65.96:28380
Targets
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-