General
-
Target
456a86d30c8506883a00bbafc9ab9ec3.bin
-
Size
409KB
-
Sample
240503-blgdeadd26
-
MD5
27a61be5b4e70ac9b762c2d917d1e293
-
SHA1
ec705b2e19a8d9c6f3259a6a3bab03c5aa4239ce
-
SHA256
fb72ea1d08f89e20980a8052076d1048659ea739ca6293a2b218d6811624b7ca
-
SHA512
caf9a6023d0a60ac18f48455429630e785157f02481e85a7596f44d8b2f724f4f7960769f0e5489e95cc250f3ac34f647083efa3501402e15a4bb7a16710171a
-
SSDEEP
12288:r95L5SKpbnY6jB7jSleqtvnnKkXe3RRa8QsAv9:7TpbnYsvMtt/nK7pqF
Static task
static1
Behavioral task
behavioral1
Sample
9dc2cde8d123fbc1141cf3e4e47574ec0c7ed6d57e8815a7a5935a4427b803aa.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9dc2cde8d123fbc1141cf3e4e47574ec0c7ed6d57e8815a7a5935a4427b803aa.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
5.42.65.96:28380
Targets
-
-
Target
9dc2cde8d123fbc1141cf3e4e47574ec0c7ed6d57e8815a7a5935a4427b803aa.exe
-
Size
500KB
-
MD5
456a86d30c8506883a00bbafc9ab9ec3
-
SHA1
f58d3f0c7f03f05e22998662e255e155bd8a74a4
-
SHA256
9dc2cde8d123fbc1141cf3e4e47574ec0c7ed6d57e8815a7a5935a4427b803aa
-
SHA512
4a3da93186fd6d33d14daf61955d253fc20b03c38e2a571dbda40f1b8ee0078bcb101fca11ead2e8087cfe5515e397c5343de37c8e4c1111506b44e33a049162
-
SSDEEP
12288:724IFZdYVs8JwAoq5VxxXK5hVA4kUF4aHpzXoXREuPi:JIhYVPoq5lXK5hVrk87joXf
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-