General
-
Target
file.exe
-
Size
315KB
-
Sample
240827-vnjfbsshpm
-
MD5
b79ed7b267159f2b1497de63786e6f6d
-
SHA1
43a426a88d342974b47f407048b78d1ee6a3067b
-
SHA256
0ee2c8f8ca955be74a029aa6e0f6ee4558bfb24cd37b835a8bda9d56b520a3d4
-
SHA512
504ac0d2d4d2b8c1dfc159d5c485ce623c4f714636dbf19ee451b66bf17402bc646e39aadf56689fc6e7794d452c9f8de722de3091c136417a67b97cff105c17
-
SSDEEP
6144:M++hBfamxdwBlkx8FIhjH8TNbVQwwJu+H+xWFEie6cLZiIZ/ZSzjznlEjthuKEC:M+uBfamX4aYTNSwSuqre6gFRS7nlEjtF
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
147.45.47.251:2149
Targets
-
-
Target
file.exe
-
Size
315KB
-
MD5
b79ed7b267159f2b1497de63786e6f6d
-
SHA1
43a426a88d342974b47f407048b78d1ee6a3067b
-
SHA256
0ee2c8f8ca955be74a029aa6e0f6ee4558bfb24cd37b835a8bda9d56b520a3d4
-
SHA512
504ac0d2d4d2b8c1dfc159d5c485ce623c4f714636dbf19ee451b66bf17402bc646e39aadf56689fc6e7794d452c9f8de722de3091c136417a67b97cff105c17
-
SSDEEP
6144:M++hBfamxdwBlkx8FIhjH8TNbVQwwJu+H+xWFEie6cLZiIZ/ZSzjznlEjthuKEC:M+uBfamX4aYTNSwSuqre6gFRS7nlEjtF
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2