General
-
Target
702021300aed8dfde070019d752b020d.bin
-
Size
409KB
-
Sample
240505-bqx7qadc97
-
MD5
22c0256f6a898697698ef0051057a712
-
SHA1
4407b9e5683a1d6e626ea0aebd5cb1d838f3bc40
-
SHA256
1e699d9a1a3d9b62d5538a0187747ddf6deacab418b548e5ffd848710a305ef1
-
SHA512
fdbc216e542b7702fd4f68de20cfed76d5968ce9deb1fadeb295be5bcb047c11a4c4d819f52065927ad8b244d16ac9ae85b3b17eb0a1323a64cc8907a098d555
-
SSDEEP
6144:QwS5Y/kcaeGUGZLBGGYLgNsOkySQBMtVu8p61pmxw/QPKwcLZUuZqvkxml8Lo:XKuGfxse5mt8O4pcw/QPKw/BsdM
Static task
static1
Behavioral task
behavioral1
Sample
e75a30472c88c4a2d875b19a60c704d773de97c025a87e5e813b02cbaccb4678.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
e75a30472c88c4a2d875b19a60c704d773de97c025a87e5e813b02cbaccb4678.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
5.42.65.96:28380
Targets
-
-
Target
e75a30472c88c4a2d875b19a60c704d773de97c025a87e5e813b02cbaccb4678.exe
-
Size
545KB
-
MD5
702021300aed8dfde070019d752b020d
-
SHA1
45f152925534102013fbe5c17805ca938499256d
-
SHA256
e75a30472c88c4a2d875b19a60c704d773de97c025a87e5e813b02cbaccb4678
-
SHA512
34cf3a888f35bee61a72ca5bb418a8676ff66d3be44af31d709548b9ba8ba0c8fed84a6c44baab74965a72d3b60e5d74d178589614a06a24bbf966b2ffa7ccc0
-
SSDEEP
12288:a/kIWN053iBXmiHvxIsFCmelWpqKoQ/P6znImCruFPyeJegy91Ho:aMIb3mHpzeqqdQ/P6MJepa1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-