General
Target: 4ed2368fc3e3030a3da9930cb430b80d4611baf0a0451efe3f9e02b25ccd493d.exe
Size: 496KB
Sample: 240427-brmsdagh71
MD5: ea8b223863892068e3cfab601caf53d4
SHA1: d94660b1fc88c44fddf2b330e9628b38c9e7d8d0
SHA256: 4ed2368fc3e3030a3da9930cb430b80d4611baf0a0451efe3f9e02b25ccd493d
SHA512: c2e615cf996015fe3eb04ebdb345e1cad04e73850e77bc9d9ee3dee919cf10f3bb8d323d98c9d02b80cc1687cb69f8e82a5ec350ba3ef73fbdccb2be3d43d11a
SSDEEP: 12288:1dy0t/5TvliKBBV06Eqj7o38LjxixclXtKIN2rYoPlD6y:f/5jl7mEoKt9N2FR6
Static task: static1
Behavioral task: behavioral1
  Sample: 4ed2368fc3e3030a3da9930cb430b80d4611baf0a0451efe3f9e02b25ccd493d.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 4ed2368fc3e3030a3da9930cb430b80d4611baf0a0451efe3f9e02b25ccd493d.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted: redline
  LogsDiller Cloud (TG: @logsdillabot)
  5.42.65.96:28380
Targets
Target: 4ed2368fc3e3030a3da9930cb430b80d4611baf0a0451efe3f9e02b25ccd493d.exe
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext