General
-
Target
8e38e8ecd481eb08ceaa4ae363251311.exe
-
Size
915KB
-
Sample
240527-p33vmaeb74
-
MD5
8e38e8ecd481eb08ceaa4ae363251311
-
SHA1
8c2a06c4c7b52cb9cd01c414732597e9289b3ad4
-
SHA256
036fb259b53e5db9dbe7039bd4a2c5e2118b3242e38e9c0cc697e4e4c44b9f40
-
SHA512
c02a7be29b8012778a9028b67d71384e0a6a60857f880bf858099aef5a41a21c0068cfd2ff4116176493c28938d5e799ca18738a6e29335c3423f895305d016f
-
SSDEEP
24576:7tASL4DpnNBcMxDlxTWTn6WHmTSHMLir8/dp97A:f4DpnNBcMTxTyYSY1P7A
Static task
static1
Behavioral task
behavioral1
Sample
8e38e8ecd481eb08ceaa4ae363251311.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
8e38e8ecd481eb08ceaa4ae363251311.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
5.42.65.115:40551
Targets
-
-
Target
8e38e8ecd481eb08ceaa4ae363251311.exe
-
Size
915KB
-
MD5
8e38e8ecd481eb08ceaa4ae363251311
-
SHA1
8c2a06c4c7b52cb9cd01c414732597e9289b3ad4
-
SHA256
036fb259b53e5db9dbe7039bd4a2c5e2118b3242e38e9c0cc697e4e4c44b9f40
-
SHA512
c02a7be29b8012778a9028b67d71384e0a6a60857f880bf858099aef5a41a21c0068cfd2ff4116176493c28938d5e799ca18738a6e29335c3423f895305d016f
-
SSDEEP
24576:7tASL4DpnNBcMxDlxTWTn6WHmTSHMLir8/dp97A:f4DpnNBcMTxTyYSY1P7A
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-