General
-
Target
66cb89fccdd00_crypted.exe
-
Size
314KB
-
Sample
240826-dxh3gsscka
-
MD5
92605ba136b126db1d3734ffab2f1700
-
SHA1
21bc49acca0c4267f7be2d945746089efce2dfb3
-
SHA256
84ccccd320e1db52227eacca356001f04a4ff4354f3830e983f492db5097d649
-
SHA512
7cdc5f6d360e7d2e3b07b39b2022a14a628e2ffdc10e85e49f69c31fbad131d061686d43745a192d6b21c7f9c8407d5bd8caefc8cefe38844924fe343a61ffa6
-
SSDEEP
6144:vXt50WihGZ2KoRRk6EYJId6VIJIqMayNWxWQv6su6EMBtB4kU:v950ZhGDgRgyId6VmIVvNZ+UMXGkU
Static task
static1
Behavioral task
behavioral1
Sample
66cb89fccdd00_crypted.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
66cb89fccdd00_crypted.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
147.45.47.36:14537
Targets
-
-
Target
66cb89fccdd00_crypted.exe
-
Size
314KB
-
MD5
92605ba136b126db1d3734ffab2f1700
-
SHA1
21bc49acca0c4267f7be2d945746089efce2dfb3
-
SHA256
84ccccd320e1db52227eacca356001f04a4ff4354f3830e983f492db5097d649
-
SHA512
7cdc5f6d360e7d2e3b07b39b2022a14a628e2ffdc10e85e49f69c31fbad131d061686d43745a192d6b21c7f9c8407d5bd8caefc8cefe38844924fe343a61ffa6
-
SSDEEP
6144:vXt50WihGZ2KoRRk6EYJId6VIJIqMayNWxWQv6su6EMBtB4kU:v950ZhGDgRgyId6VmIVvNZ+UMXGkU
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2