General
-
Target
b09b19c780bfaa784ccf35dc454f9326.bin
-
Size
407KB
-
Sample
240504-b7j2esdb72
-
MD5
cb5d11a6bf0439c1b383c9f394d47840
-
SHA1
9b4591df26301f9fcf0d622f6264e5656c9ebcff
-
SHA256
1d56f539867962f31945c20faff524f958d5d6c0032279f57e32fe6c5e5468e8
-
SHA512
d4aa51d87ea8551a8cbcdb8acc5302db374c931e675ffcfa2ba7b192062e1479c57e729e8c44d1904b68f353ef338bbc56f02416174899db5ccdbb69c9487d52
-
SSDEEP
12288:WMdghfo1FN4jLrgxd/uMefytriFQECJa0:WMChQ1FN4jLWdmMcyxozCJb
Static task
static1
Behavioral task
behavioral1
Sample
4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
5.42.65.96:28380
Targets
-
-
Target
4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2.exe
-
Size
490KB
-
MD5
b09b19c780bfaa784ccf35dc454f9326
-
SHA1
0efc9a13e26c279bcf9d07bdb62f928f19860c7a
-
SHA256
4bf00732a644554a0bef0eb0fa080a182a63b52eda03dd8d4df8704feebf20d2
-
SHA512
862ba80daa00c9402db064a028dd20c79afdda5fa0d7211319f1b84831a2b62023bd2e6ddcbb0367feb1afbe3d3c835a2c745d38a4e6a1953fa140e6c694c8bd
-
SSDEEP
12288:aW5NIYF4bnCv2clgw4exVxfY/pTiQwBNhKHo:F7IY+wh4eQpTiQwDW
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-