General
Target: 132fe6d8e5c0026b4f9e0de786ccc4a35fc22d86821d230f8d8ea924e825ffbf.exe
Size: 459KB
Sample: 240523-bhd4wafh4v
MD5: e154829a16292c782b579d217e0ea8bf
SHA1: 5d2fb1535930184e7212b5fb780c638f32a03cee
SHA256: 132fe6d8e5c0026b4f9e0de786ccc4a35fc22d86821d230f8d8ea924e825ffbf
SHA512: d0acbc1d810f628107e095959a2c53ef6e58adcc8631f1ab16353b1294b7f51f13b1ff9936ab5e86aff2d3c4fad9c56f3df263d9f7b27de8ffa3cd508537a300
SSDEEP: 12288:mQJRsrrQqYvbeUVOyJ3GJNu0ADIJTls9tJBKM1I59rM:akkyJoNYDOsrqM259A
Static task: static1
Behavioral task: behavioral1
  Sample: 132fe6d8e5c0026b4f9e0de786ccc4a35fc22d86821d230f8d8ea924e825ffbf.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 132fe6d8e5c0026b4f9e0de786ccc4a35fc22d86821d230f8d8ea924e825ffbf.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted
Family: redline
Botnet: LogsDiller Cloud (TG: @logsdillabot)
C2: 5.42.65.115:40551
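The file hashes and the extracted C2 address above are the indicators a responder would actually hunt with. The following Python is an added example, not part of the sandbox report: it checks file contents against the report's MD5/SHA1/SHA256 and scans firewall log lines for connections to the C2. The log lines and their `src=... dst=...` format are constructed for the example; real logs will need their own regex. Matching on the C2 IP alone (`match_port=False`) is deliberately offered because the same host may be reused on other ports.

```python
import hashlib
import re

# Indicators copied from the sandbox report above.
REPORT_HASHES = {
    "md5": "e154829a16292c782b579d217e0ea8bf",
    "sha1": "5d2fb1535930184e7212b5fb780c638f32a03cee",
    "sha256": "132fe6d8e5c0026b4f9e0de786ccc4a35fc22d86821d230f8d8ea924e825ffbf",
}
C2_IP, C2_PORT = "5.42.65.115", 40551

# Constructed firewall log lines (not from the report). 203.0.113.10 is a
# documentation address standing in for ordinary traffic.
SAMPLE_FIREWALL_LOG = [
    "2024-05-23T01:12:03Z src=10.0.0.15:51234 dst=203.0.113.10:443 proto=tcp action=allow",
    "2024-05-23T01:12:09Z src=10.0.0.15:51240 dst=5.42.65.115:40551 proto=tcp action=allow",
    "2024-05-23T01:12:11Z src=10.0.0.22:49812 dst=5.42.65.115:80 proto=tcp action=allow",
    "2024-05-23T01:13:40Z src=10.0.0.15:51247 dst=5.42.65.115:40551 proto=tcp action=allow",
]

# Assumed log layout for the constructed lines: "src=IP:PORT dst=IP:PORT".
LOG_RE = re.compile(r"src=(?P<src>[\d.]+):\d+\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)")


def hash_bytes(data: bytes) -> dict:
    """Compute the three digests the report lists for a file's contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_hashes(data: bytes, iocs: dict = REPORT_HASHES) -> list:
    """Return the algorithms (sorted) whose digest of `data` equals the IOC value.

    An empty list means the file is not this sample; any non-empty list is a hit,
    since a single matching SHA256 is already conclusive."""
    digests = hash_bytes(data)
    return sorted(algo for algo, value in iocs.items()
                  if digests.get(algo) == value.lower())


def find_c2_connections(lines, ip: str = C2_IP, port: int = C2_PORT,
                        match_port: bool = True) -> list:
    """Return (source_ip, dest_port) for every line whose destination is the C2.

    With match_port=False any port on the C2 host is flagged, which catches
    reuse of the same server on a port the report did not see."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m.group("dst") != ip:
            continue
        dport = int(m.group("dport"))
        if match_port and dport != port:
            continue
        hits.append((m.group("src"), dport))
    return hits


if __name__ == "__main__":
    for src, dport in find_c2_connections(SAMPLE_FIREWALL_LOG, match_port=False):
        print(f"C2 contact from {src} to {C2_IP}:{dport}")
```

Feed `matching_hashes` the bytes of a quarantined file and `find_c2_connections` the lines of an exported firewall or proxy log; hosts that appear in the second list are the ones to pull for triage.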
Targets
Target: 132fe6d8e5c0026b4f9e0de786ccc4a35fc22d86821d230f8d8ea924e825ffbf.exe (459KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
RedLine
RedLine Stealer is an information-stealing malware family written in C# that first appeared in early 2020. It collects saved browser credentials and cookies, cryptocurrency wallet files and host details from the infected machine and sends them to its C2 server; the extracted configuration above gives this sample's C2 as 5.42.65.115:40551.

RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry (the Software\Microsoft\Windows\CurrentVersion\Uninstall keys under HKLM and HKCU) to enumerate software on the system.
Suspicious use of SetThreadContext: setting the thread context of a thread in another process is the step of process hollowing where an injector points a suspended child's entry point at the payload it has written before resuming it. On its own the call is not conclusive; pair this signature with a CreateProcess(CREATE_SUSPENDED), WriteProcessMemory and ResumeThread sequence against the same child in the behavioral trace to confirm.
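The SetThreadContext signature is only meaningful in context, so the following Python, an added example and not part of the sandbox's own detection logic, evaluates the full process-hollowing sequence over an API trace. The trace is constructed for the example, with handle arguments already resolved to the pid they refer to; a real sandbox or EDR export will need a small adapter to produce records of this shape. The detector flags a child only when it was created suspended, written to from another process, had a thread context set by another process, and was then resumed. NtUnmapViewOfSection is recorded but not required, since not every injector unmaps the original image.

```python
from collections import defaultdict

# dwCreationFlags bit for CreateProcess (winbase.h).
CREATE_SUSPENDED = 0x00000004

# Constructed API trace (not the sandbox's output). Each record is one call,
# with handle arguments resolved to the pid they refer to.
SAMPLE_TRACE = [
    # Injector 4120 spawns 4188 suspended and replaces its image.
    {"pid": 4120, "api": "CreateProcessW", "flags": 0x00000004, "child_pid": 4188},
    {"pid": 4120, "api": "NtUnmapViewOfSection", "target_pid": 4188},
    {"pid": 4120, "api": "VirtualAllocEx", "target_pid": 4188},
    {"pid": 4120, "api": "WriteProcessMemory", "target_pid": 4188},
    {"pid": 4120, "api": "WriteProcessMemory", "target_pid": 4188},
    {"pid": 4120, "api": "SetThreadContext", "target_pid": 4188},
    {"pid": 4120, "api": "ResumeThread", "target_pid": 4188},
    # A launcher starts 5010 suspended and simply resumes it: not hollowing.
    {"pid": 3000, "api": "CreateProcessW", "flags": 0x00000004, "child_pid": 5010},
    {"pid": 3000, "api": "ResumeThread", "target_pid": 5010},
    # A process adjusting one of its own threads: SetThreadContext, but no
    # cross-process write, so it must not be flagged.
    {"pid": 6100, "api": "SetThreadContext", "target_pid": 6100},
]


def find_hollowing(calls) -> list:
    """Return the sorted pids of processes that match the hollowing sequence.

    A pid is flagged when all four of these are seen: created with
    CREATE_SUSPENDED, memory written by a different process, a thread context
    set by a different process, and a thread resumed by a different process."""
    state = defaultdict(lambda: {"suspended_by": None, "unmapped": False,
                                 "writes": 0, "context_set": False, "resumed": False})
    for call in calls:
        api, caller = call["api"], call["pid"]
        if api in ("CreateProcessA", "CreateProcessW", "CreateProcessInternalW"):
            if call.get("flags", 0) & CREATE_SUSPENDED:
                state[call["child_pid"]]["suspended_by"] = caller
            continue
        target = call.get("target_pid")
        if target is None or target == caller:
            continue  # self-directed calls are not injection
        if api == "NtUnmapViewOfSection":
            state[target]["unmapped"] = True
        elif api in ("WriteProcessMemory", "NtWriteVirtualMemory"):
            state[target]["writes"] += 1
        elif api in ("SetThreadContext", "NtSetContextThread"):
            state[target]["context_set"] = True
        elif api in ("ResumeThread", "NtResumeThread"):
            state[target]["resumed"] = True
    return sorted(pid for pid, s in state.items()
                  if s["suspended_by"] is not None and s["writes"] > 0
                  and s["context_set"] and s["resumed"])


if __name__ == "__main__":
    for pid in find_hollowing(SAMPLE_TRACE):
        print(f"process hollowing suspected: child pid {pid}")
```

The self-directed check is what keeps debuggers and runtimes that legitimately call SetThreadContext on their own threads out of the results; the write count is tracked rather than a boolean so a later rule can require the payload size a RedLine image would need.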