General
- Target: 775af421a2e7cc4d2cdb81142168f9c8.bin
- Size: 390KB
- Sample: 240502-bvp2xadb3v
- MD5: 886a83a388b307468fc28c2d6dbdbb12
- SHA1: e8d4cd86bfb17a405c2761d90ef0577418d0caad
- SHA256: f2db85c5e47d5385a7190d6bb720184c3ce2bed88bf9e16903198469cc31f506
- SHA512: 4597a860a38f2fecd5f67bc7c1187a6ed2eadac215c503d97b1e7e544f577137ed4b4eac8199587981409ad80a8ee4e8283ddf1a32396143c4dcfd145043778a
- SSDEEP: 12288:f1vKlFkusYTYQ7x9jqOZMT3WVm2hj6CT/+:ftKDKYTYQr5Z43dS6u+
Static task: static1
Behavioral task: behavioral1
- Sample: 052f4b87994b5aee20f9d69ef631c9648f6b90524575be78cba9a0bd17228050.exe
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: 052f4b87994b5aee20f9d69ef631c9648f6b90524575be78cba9a0bd17228050.exe
- Resource: win10v2004-20240419-en
Malware Config
Extracted: redline
- LogsDiller Cloud (TG: @logsdillabot)
- 5.42.65.96:28380
Targets
- Target: 052f4b87994b5aee20f9d69ef631c9648f6b90524575be78cba9a0bd17228050.exe
- Size: 467KB
- MD5: 775af421a2e7cc4d2cdb81142168f9c8
- SHA1: 502514f61d9411039839d35f2888dce15ced2962
- SHA256: 052f4b87994b5aee20f9d69ef631c9648f6b90524575be78cba9a0bd17228050
- SHA512: d592d66b15551040c332bf6d359cf591940c36b0c4ed3e83171bdc228e3f66364ee06e7e92e706977d29299200eb4d36db83616edec3853f300aaf02dc2dade3
- SSDEEP: 12288:kx2+JCy0qUNFqoAmy0MumPyX1PEtFw8IK/X0JRmvrm:kx2H7JdaumKXTIOQj
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext