General
-
Target
file.exe
-
Size
545KB
-
Sample
240503-nsvwlade8t
-
MD5
702021300aed8dfde070019d752b020d
-
SHA1
45f152925534102013fbe5c17805ca938499256d
-
SHA256
e75a30472c88c4a2d875b19a60c704d773de97c025a87e5e813b02cbaccb4678
-
SHA512
34cf3a888f35bee61a72ca5bb418a8676ff66d3be44af31d709548b9ba8ba0c8fed84a6c44baab74965a72d3b60e5d74d178589614a06a24bbf966b2ffa7ccc0
-
SSDEEP
12288:a/kIWN053iBXmiHvxIsFCmelWpqKoQ/P6znImCruFPyeJegy91Ho:aMIb3mHpzeqqdQ/P6MJepa1
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
5.42.65.96:28380
Targets
-
-
Target
file.exe
-
Size
545KB
-
MD5
702021300aed8dfde070019d752b020d
-
SHA1
45f152925534102013fbe5c17805ca938499256d
-
SHA256
e75a30472c88c4a2d875b19a60c704d773de97c025a87e5e813b02cbaccb4678
-
SHA512
34cf3a888f35bee61a72ca5bb418a8676ff66d3be44af31d709548b9ba8ba0c8fed84a6c44baab74965a72d3b60e5d74d178589614a06a24bbf966b2ffa7ccc0
-
SSDEEP
12288:a/kIWN053iBXmiHvxIsFCmelWpqKoQ/P6znImCruFPyeJegy91Ho:aMIb3mHpzeqqdQ/P6MJepa1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-