General
-
Target
2a144dc3e515e3a2663e4521b40c3d847b648699f1ac866e068483ae0a5e3386
-
Size
311KB
-
Sample
240829-f4fl2sxfmj
-
MD5
4539bd6872b7037395d4f60890b109db
-
SHA1
23988c0ff277d39e6c29a911cfc33c0983714808
-
SHA256
2a144dc3e515e3a2663e4521b40c3d847b648699f1ac866e068483ae0a5e3386
-
SHA512
53a3afbba41c819865af9eb1c2e3f525e13bdf5d1f29c68925fd445af0739ec65d00f02a900cdb0329610c680d980221303bd3a63995e6ed71d4536b89426d09
-
SSDEEP
6144:OCvJ/rj52ouBXmhBSgz0TfIsVHQdw/Vpzf49c9M8gQ4cR0whsSBO:zJDVPuBCzAIsVHUw/nA9cKkR0NSU
Static task
static1
Behavioral task
behavioral1
Sample
0ee2c8f8ca955be74a029aa6e0f6ee4558bfb24cd37b835a8bda9d56b520a3d4.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
0ee2c8f8ca955be74a029aa6e0f6ee4558bfb24cd37b835a8bda9d56b520a3d4.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
147.45.47.251:2149
Targets
-
-
Target
0ee2c8f8ca955be74a029aa6e0f6ee4558bfb24cd37b835a8bda9d56b520a3d4.exe
-
Size
315KB
-
MD5
b79ed7b267159f2b1497de63786e6f6d
-
SHA1
43a426a88d342974b47f407048b78d1ee6a3067b
-
SHA256
0ee2c8f8ca955be74a029aa6e0f6ee4558bfb24cd37b835a8bda9d56b520a3d4
-
SHA512
504ac0d2d4d2b8c1dfc159d5c485ce623c4f714636dbf19ee451b66bf17402bc646e39aadf56689fc6e7794d452c9f8de722de3091c136417a67b97cff105c17
-
SSDEEP
6144:M++hBfamxdwBlkx8FIhjH8TNbVQwwJu+H+xWFEie6cLZiIZ/ZSzjznlEjthuKEC:M+uBfamX4aYTNSwSuqre6gFRS7nlEjtF
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2