General
Target: d88b40ed7f2e8b7e39cd1c21d09bde00.bin
Size: 407KB
Sample: 240430-cbxhbaha58
MD5: 85f0cdf07ff5f12ed4072c293c27e8d4
SHA1: 202e5125df0d34e5afb4e03f8b6ff3daa1c2c384
SHA256: 19c410be085ffdf4140acac67ee7afb5078b6e4c33e880fd0aa41d7c90f133f6
SHA512: 280ca919cd4ec63de37c4e48cf33868cc37216f263df5a53ef7537a339b5559d1986f55399c597716796c9fcf8e8fb0f995c5255dcfcafb177d784a30399b752
SSDEEP: 12288:oog0zNZ54y7KhSuQ+SQg127v/6Y8QCFDgdIIYJHcJ//G:Q0V4yWh7Q+SQg1cX7LIZZ
Static task: static1
Behavioral task: behavioral1
  Sample: 044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149.exe
  Resource: win10v2004-20240419-en
Malware Config
Extracted
Family: redline
Botnet: LogsDiller Cloud (TG: @logsdillabot)
C2: 5.42.65.96:28380
Targets
Target: 044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149.exe
Size: 501KB
MD5: d88b40ed7f2e8b7e39cd1c21d09bde00
SHA1: d9865029f441f1234580ec18756566b6fe201331
SHA256: 044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149
SHA512: c22374565af7f8455c985d70d3d9f5af69f1480fbf2fd02a3ff44e2fe5c9661e0d61814d48f9c3398ddad3de01872a255f23757a30deef34fbadcb8ebbd43c9d
SSDEEP: 12288:JYFBqcQcaQVsGRi5xYJQgP4FiKe37a8oz9NSQ1f:JYXqc3sCi5XY4FiKeLPozvx
Note: the MD5 of this file is the name of the submitted .bin in the General section. The two files have different sizes and hashes, so both hash sets are needed in any blocklist built from this report.
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext
Calling SetThreadContext on a suspended thread redirects where that thread resumes. This is the usual final step of process hollowing: a payload is written into a suspended process and the thread's instruction pointer is set to the injected code.
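The extracted config and the two hash sets above are the actionable part of this report. The following is an added example, not code from the sandbox or the report, that turns them into a sweep over local telemetry: it matches the C2 endpoint against a Zeek-style conn.log excerpt and the report's hashes against an EDR file-inventory export. The hashes and the C2 address are copied from the report; the conn.log rows, the inventory rows, the host names and the paths are constructed test data.

```python
"""Match the indicators extracted in this report against local telemetry.

Added example, not part of the sandbox report. The hashes and the C2 endpoint
are copied from the report; the conn.log excerpt and the file inventory below
are constructed test data.
"""
import hashlib
from dataclasses import dataclass

# The report lists two distinct files (the submitted .bin and the .exe) with
# different sizes and hashes, so both belong in the lookup table.
BIN_NAME = "d88b40ed7f2e8b7e39cd1c21d09bde00.bin"
EXE_NAME = "044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149.exe"
IOC_HASHES = {
    "md5": {
        "85f0cdf07ff5f12ed4072c293c27e8d4": BIN_NAME,
        "d88b40ed7f2e8b7e39cd1c21d09bde00": EXE_NAME,
    },
    "sha1": {
        "202e5125df0d34e5afb4e03f8b6ff3daa1c2c384": BIN_NAME,
        "d9865029f441f1234580ec18756566b6fe201331": EXE_NAME,
    },
    "sha256": {
        "19c410be085ffdf4140acac67ee7afb5078b6e4c33e880fd0aa41d7c90f133f6": BIN_NAME,
        "044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149": EXE_NAME,
    },
}
C2_IP, C2_PORT = "5.42.65.96", 28380  # from the extracted RedLine config

# Constructed Zeek conn.log excerpt (tab-separated); not from the report.
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    "1714483200.1\tCabc1\t10.0.5.17\t49812\t5.42.65.96\t28380\ttcp\n"
    "1714483201.4\tCabc2\t10.0.5.17\t49813\t142.250.74.78\t443\ttcp\n"
    "1714483205.9\tCabc3\t10.0.5.22\t51020\t5.42.65.96\t443\ttcp\n"
)

# Constructed EDR file-inventory rows (host, path, sha256); not from the report.
SAMPLE_INVENTORY = [
    ("WS-017", r"C:\Users\alice\Downloads\setup.exe",
     "044041766e3684b106c4c78a70188a599578f3768457e25d26e0c24fb5a34149"),
    ("WS-022", r"C:\Windows\System32\notepad.exe", "0" * 64),
]


@dataclass(frozen=True)
class C2Hit:
    uid: str
    src: str
    dst: str
    dst_port: int
    exact: bool  # True when both the IP and the port match the config


def find_c2_connections(conn_log: str, c2_ip: str = C2_IP, c2_port: int = C2_PORT):
    """Return every connection to the C2 address.

    A port mismatch is still reported (exact=False): stealer operators reuse
    hosts with different ports, so the IP alone is worth an alert.
    """
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue  # Zeek header/comment rows
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # truncated row; never let it abort the sweep
        _ts, uid, src, _sport, dst, dport, _proto = fields[:7]
        if dst == c2_ip:
            hits.append(C2Hit(uid, src, dst, int(dport), int(dport) == c2_port))
    return hits


def digests(data: bytes):
    """MD5/SHA1/SHA256 of a byte string, keyed like IOC_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def match_known_bytes(data: bytes):
    """Return (algorithm, report file name) if the bytes hash to a report IOC, else None."""
    d = digests(data)
    for algo, table in IOC_HASHES.items():
        name = table.get(d[algo])
        if name:
            return algo, name
    return None


def find_known_files(inventory):
    """Match SHA256 values from an inventory export against the report's table."""
    table = IOC_HASHES["sha256"]
    return [(host, path, table[sha.lower()])
            for host, path, sha in inventory if sha.lower() in table]


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        kind = "exact" if hit.exact else "ip-only"
        print(f"C2 {kind}: {hit.src} -> {hit.dst}:{hit.dst_port} ({hit.uid})")
    for host, path, name in find_known_files(SAMPLE_INVENTORY):
        print(f"known sample on {host}: {path} = {name}")
    print(match_known_bytes(b"constructed bytes, not the sample"))
```

Run it as a script to see the two C2 hits (one exact on port 28380, one IP-only on 443) and the inventory match for the .exe SHA256. SSDEEP is deliberately left out: fuzzy-hash comparison needs the ssdeep library and a similarity threshold, and the two SSDEEP values in the report are not comparable with each other anyway, since they describe different files.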