General

Target: 7935b5b0a3c2fe6391fad0065809fbdd361af8a34fce890182a63a312f1703ef
Size: 314KB
Sample: 240828-xzj74stbqm
MD5: 6d90f5899ff47cd3519ee0f53b8900f6
SHA1: 1c28f0a93e4258f2370b14c58872ef1987109a5e
SHA256: 7935b5b0a3c2fe6391fad0065809fbdd361af8a34fce890182a63a312f1703ef
SHA512: 985fd3862446ddb8c6baf0ba68b31414a3a004033ff7a5bc37cbfc7e8b7ccbaf43642c16b7c67be6e7e8fcce38edede7986b786740d20da71178a42b7d296146
SSDEEP: 6144:YvVkn7xeQf6QF0gNW12BTKjV2hRh/SLyzNVkJPvZh5oB4xbHfORnJpwmA0BAGJS:1Eq4gclkhn5V8PD84xrm8WFJS
Tasks

Static task: static1

Behavioral task: behavioral1
Sample: 7935b5b0a3c2fe6391fad0065809fbdd361af8a34fce890182a63a312f1703ef.exe
Resource: win10v2004-20240802-en

Behavioral task: behavioral2
Sample: 7935b5b0a3c2fe6391fad0065809fbdd361af8a34fce890182a63a312f1703ef.exe
Resource: win11-20240802-en
Malware Config

Extracted family: redline
Botnet: LogsDiller Cloud (TG: @logsdillabot)
C2: 147.45.47.251:2149
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first seen in early 2020.

RedLine payload

Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, the web browser credential store.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software installed on the system.

Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Defense Evasion
  Modify Registry (1)
  Subvert Trust Controls (1)
  Install Root Certificate (1)

Credential Access
  Credentials from Password Stores (1)
  Credentials from Web Browsers (1)
  Unsecured Credentials (2)
  Credentials In Files (2)