General
Target: 9c547d620055a9eb5c983e61789b1c3f794c1ef7ddfcce934c32ac754a1d7988
Size: 360KB
Sample: 240511-he7eksdg44
MD5: 5987a553177c829072297f01f1da0159
SHA1: 5d4903d416bba621596b357bc65347ccdddbe271
SHA256: 9c547d620055a9eb5c983e61789b1c3f794c1ef7ddfcce934c32ac754a1d7988
SHA512: a07a36517223c40c744164399c8a01278df85b167508282a8cd3f45f68eb24a732a0baac979065657a0e85ab81996a1f16ba9fa3367abc8286f92769c32188dc
SSDEEP: 6144:QIs2fqnzFv8QME77P7M24OHYlveaGRYL9hSe9OhIWAKUDXAXw1QEfDWuxVtEsglJ:Vst98QpPjEL9hFGPAKJSDWwgllyHrm
Static task: static1
Behavioral task: behavioral1
Sample: 2b9fa60df2621c7cd698d7d11007f8a04cb6586f495b58f4fd8cc5de5b04f826.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 2b9fa60df2621c7cd698d7d11007f8a04cb6586f495b58f4fd8cc5de5b04f826.exe
Resource: win10v2004-20240508-en

Malware Config
Extracted: redline
LogsDiller Cloud (TG: @logsdillabot)
5.42.65.77:6541
Targets
Target: 2b9fa60df2621c7cd698d7d11007f8a04cb6586f495b58f4fd8cc5de5b04f826.exe
Size: 402KB
MD5: f02798ba573318a4ba1bb6e39c45ad5c
SHA1: 9b81fd616e27b9aeca4a5a42775df026da28f557
SHA256: 2b9fa60df2621c7cd698d7d11007f8a04cb6586f495b58f4fd8cc5de5b04f826
SHA512: de15b3b67063359bad041e87e1f16029775ca16d2199b2284f3b3039c11f704f208fc994f1383aa7704a7c01544e87aba7c796c407c40c8281ebd607212f2385
SSDEEP: 6144:dzOa82gO92tYhBOl+vCit0Y0d0ggOl3yinIvSC9dRuJSo+2Aymo/un7pespk:daaR9wYhYiCDQKIvZ1uJSo+jjoS8spk

Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext