General
Target: f1662fbb012843190b9ad18c76d0141f.bin
Size: 591KB
Sample: 240425-cxgc8adh6t
MD5: 4bfaacf56d02c8a4c1283005221a4660
SHA1: 4b0187c74bd68d2c9d9cb767c4f22f5332403eaf
SHA256: 0e44173278361b5d26edeec63da2bba8595522c32abac87d418b2888ba176015
SHA512: 1020f9d955026bb69788d766f8e6a43167a30a0ad5a054ee1c74a6b617cf95bb78c824fe38c922c95739ecc1964dadf28ad7ea612ff24699c9460563f54fe48b
SSDEEP: 12288:JIUvFsWz8Ao09Vtym7XwgI7m3uDvRoPrj7BF0iGM6yhbmfw:xNss+0TEm7g9pDv+PP7BF0HXygw
Static task: static1

Behavioral task: behavioral1
Sample: d6016d6c87d7f59a478fe33ccff3a34e86de50b8700167b161da920561598669.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: d6016d6c87d7f59a478fe33ccff3a34e86de50b8700167b161da920561598669.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted: redline
LogsDiller Cloud (TG: @logsdillabot)
5.42.65.96:28380
Targets
Target: d6016d6c87d7f59a478fe33ccff3a34e86de50b8700167b161da920561598669.exe
Size: 1.2MB
MD5: f1662fbb012843190b9ad18c76d0141f
SHA1: 996d7ca6229cedbebde5a0bf7bb67c635bf7b279
SHA256: d6016d6c87d7f59a478fe33ccff3a34e86de50b8700167b161da920561598669
SHA512: 8265cf665bd763cdd30b29086bd6fe51d27f182db8fd92bb42dbed4c38dd03b2e5460366b107a48daab0f10c3c27962a4209d1000f1a1de8dd2007eae415697c
SSDEEP: 24576:Msxl3hAS7tUhU5M/i8t7avB+eU/SvHNmCftCLRoa:Mi9tUhU5M/y4tSHC

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext