General
-
Target
4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2
-
Size
490KB
-
Sample
240503-2ar9msag65
-
MD5
b09b19c780bfaa784ccf35dc454f9326
-
SHA1
0efc9a13e26c279bcf9d07bdb62f928f19860c7a
-
SHA256
4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2
-
SHA512
862ba80daa00c9402db064a028dd20c79afdda5fa0d7211319f1b84831a2b62023bd2e6ddcbb0367feb1afbe3d3c835a2c745d38a4e6a1953fa140e6c694c8bd
-
SSDEEP
12288:aW5NIYF4bnCv2clgw4exVxfY/pTiQwBNhKHo:F7IY+wh4eQpTiQwDW
Static task
static1
Behavioral task
behavioral1
Sample
4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2.exe
Resource
win10-20240404-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
5.42.65.96:28380
Targets
-
-
Target
4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2
-
Size
490KB
-
MD5
b09b19c780bfaa784ccf35dc454f9326
-
SHA1
0efc9a13e26c279bcf9d07bdb62f928f19860c7a
-
SHA256
4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2
-
SHA512
862ba80daa00c9402db064a028dd20c79afdda5fa0d7211319f1b84831a2b62023bd2e6ddcbb0367feb1afbe3d3c835a2c745d38a4e6a1953fa140e6c694c8bd
-
SSDEEP
12288:aW5NIYF4bnCv2clgw4exVxfY/pTiQwBNhKHo:F7IY+wh4eQpTiQwDW
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-