General
-
Target
9dc2cde8d123fbc1141cf3e4e47574ec0c7ed6d57e8815a7a5935a4427b803aa
-
Size
500KB
-
Sample
240501-3kcglsce68
-
MD5
456a86d30c8506883a00bbafc9ab9ec3
-
SHA1
f58d3f0c7f03f05e22998662e255e155bd8a74a4
-
SHA256
9dc2cde8d123fbc1141cf3e4e47574ec0c7ed6d57e8815a7a5935a4427b803aa
-
SHA512
4a3da93186fd6d33d14daf61955d253fc20b03c38e2a571dbda40f1b8ee0078bcb101fca11ead2e8087cfe5515e397c5343de37c8e4c1111506b44e33a049162
-
SSDEEP
12288:724IFZdYVs8JwAoq5VxxXK5hVA4kUF4aHpzXoXREuPi:JIhYVPoq5lXK5hVrk87joXf
Static task
static1
Behavioral task
behavioral1
Sample
9dc2cde8d123fbc1141cf3e4e47574ec0c7ed6d57e8815a7a5935a4427b803aa.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9dc2cde8d123fbc1141cf3e4e47574ec0c7ed6d57e8815a7a5935a4427b803aa.exe
Resource
win10-20240404-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
5.42.65.96:28380
Targets
-
-
Target
9dc2cde8d123fbc1141cf3e4e47574ec0c7ed6d57e8815a7a5935a4427b803aa
-
Size
500KB
-
MD5
456a86d30c8506883a00bbafc9ab9ec3
-
SHA1
f58d3f0c7f03f05e22998662e255e155bd8a74a4
-
SHA256
9dc2cde8d123fbc1141cf3e4e47574ec0c7ed6d57e8815a7a5935a4427b803aa
-
SHA512
4a3da93186fd6d33d14daf61955d253fc20b03c38e2a571dbda40f1b8ee0078bcb101fca11ead2e8087cfe5515e397c5343de37c8e4c1111506b44e33a049162
-
SSDEEP
12288:724IFZdYVs8JwAoq5VxxXK5hVA4kUF4aHpzXoXREuPi:JIhYVPoq5lXK5hVrk87joXf
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-