redline | 044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149 | Triage

Submit
Reports

Overview

overview

Static

static

3

044041766e...49.exe

windows7-x64

044041766e...49.exe

windows10-2004-x64

Sharing

General

Target

044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149.exe
Size

501KB
Sample

240429-bdbsysdh51
MD5

d88b40ed7f2e8b7e39cd1c21d09bde00
SHA1

d9865029f441f1234580ec18756566b6fe201331
SHA256

044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149
SHA512

c22374565af7f8455c985d70d3d9f5af69f1480fbf2fd02a3ff44e2fe5c9661e0d61814d48f9c3398ddad3de01872a255f23757a30deef34fbadcb8ebbd43c9d
SSDEEP

12288:JYFBqcQcaQVsGRi5xYJQgP4FiKe37a8oz9NSQ1f:JYXqc3sCi5XY4FiKeLPozvx

Score

10^/10

redline logsdiller cloud (tg: @logsdillabot)infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149.exe

Resource

win7-20240221-en

redline infostealer

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149.exe

Resource

win10v2004-20240419-en

redline logsdiller cloud (tg: @logsdillabot)infostealer

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.96:28380

Targets

- Target
  
  044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149.exe
- Size
  
  501KB
- MD5
  
  d88b40ed7f2e8b7e39cd1c21d09bde00
- SHA1
  
  d9865029f441f1234580ec18756566b6fe201331
- SHA256
  
  044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149
- SHA512
  
  c22374565af7f8455c985d70d3d9f5af69f1480fbf2fd02a3ff44e2fe5c9661e0d61814d48f9c3398ddad3de01872a255f23757a30deef34fbadcb8ebbd43c9d
- SSDEEP
  
  12288:JYFBqcQcaQVsGRi5xYJQgP4FiKe37a8oz9NSQ1f:JYXqc3sCi5XY4FiKeLPozvx
Score

10^/10

redline infostealer logsdiller cloud (tg: @logsdillabot)
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

redlineinfostealer

behavioral2

redlinelogsdiller cloud (tg: @logsdillabot)infostealer

© 2018-2024

Terms | Privacy