General
- Target: file.exe
- Size: 459KB
- Sample: 240524-s5bqpsbc55
- MD5: d816aec818e5be0a3b7af1aea4bca1d8
- SHA1: 39f33d063ce0dfb00ca28f591463b497448ef4a7
- SHA256: 6eb4bcd1025074e900c1d7d545f62ae9d92ba787f229b51a628ba941d708dea2
- SHA512: ffd4d24764a92f63862f0bd2951ae951b6ec8938851de223c89ec3b9a9cb36b6381932b274e4336f6b4a4b23a2e7d1539c65d1cd52f8443b6edf7287f292f842
- SSDEEP: 12288:CKx2l/UOb3qihVErZBo+MV/73TXJELUve:W/L3qihVEVBzMRDXXm
Static task: static1
Behavioral task: behavioral1 (Sample: file.exe; Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: file.exe; Resource: win10v2004-20240426-en)
Malware Config
Extracted: redline
- LogsDiller Cloud (TG: @logsdillabot)
- 5.42.65.115:40551
Targets
- Target: file.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext