General
-
Target
d41582bde613bd63caffa80f482e692b.bin
-
Size
595KB
-
Sample
240426-b6hf7shb46
-
MD5
00990fc64319df92ef7c18c4cb509891
-
SHA1
569a2d0d731d0496ca0091ea3aca2f86814fe94e
-
SHA256
fee3c2be560be1ff85650f59b03366cbb42f038ba578ff2e888d91f76baa48f0
-
SHA512
64ec6ae45518eef5389997cb36d039866c5cf071ae79b20187f9dbc8f898c3992bc56f00d0bf2ee780d7adc77ce98ff5408bda59a39e7368b8f9eff50f717b58
-
SSDEEP
12288:k4IteVYQbXwfi8qLLXtcNdGaI6TNr+EgMTEpoRg8VR/uN6Xmk9ow:hLCi8I6i6LgMgpoR9VR/zm0ow
Static task
static1
Behavioral task
behavioral1
Sample
212f5fb634003890f2b61ade6d3bf474e16787e3f536f0484a2a23f55d562bf0.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
212f5fb634003890f2b61ade6d3bf474e16787e3f536f0484a2a23f55d562bf0.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
5.42.65.96:28380
Targets
-
-
Target
212f5fb634003890f2b61ade6d3bf474e16787e3f536f0484a2a23f55d562bf0.exe
-
Size
1.2MB
-
MD5
d41582bde613bd63caffa80f482e692b
-
SHA1
d1ccf0f0f4224e4daa412c868729977cddec079e
-
SHA256
212f5fb634003890f2b61ade6d3bf474e16787e3f536f0484a2a23f55d562bf0
-
SHA512
37defa103178d6e281a62f5cc221380f687740cfcf268c24dbeb7bf1c320fbb94be26ce74234b717cafe5f0c74b527ebf8c063fa4c49594174b68e2753e1474d
-
SSDEEP
12288:FCRMXFhAS3ocOaKANlQWE4goVyevmV/HSgrouJoz7ZyCwLvsTC/pSiAF1XcwJJSH:FCROhAS3onZANlQWEwtvEPg7SITCCXC
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-