General

Target: 94efd1198279b7503006b9120880a143bf338f272e9b837b5707fbfe6da908d8
Size: 310KB
Sample: 240830-g2819azejc
MD5: eefa1db762f1708532b9a2d7693047b9
SHA1: fe3d66695758f320562717921c2a0700502cc127
SHA256: 94efd1198279b7503006b9120880a143bf338f272e9b837b5707fbfe6da908d8
SHA512: 6c312e60bdf383d51582d3d9068a8b8e1e1639b6a4bd247cf3c3393c4d0a79ad8ab1a806e5c6df2c4e9a12de20a251535b547c8cb0626318b705e09b25c7c62a
SSDEEP: 6144:cZ4OtRSBa/7Di49LLU4CL7/pR/2C/tbG+s6z0MEQDK3Bg5Ty:SVtd/ni4dU4y7/pR/zNG+n0XkKxg5Ty
Static task: static1

Behavioral task: behavioral1
  Sample: 7935b5b0a3c2fe6391fad0065809fbdd361af8a34fce890182a63a312f1703ef.exe
  Resource: win7-20240704-en

Behavioral task: behavioral2
  Sample: 7935b5b0a3c2fe6391fad0065809fbdd361af8a34fce890182a63a312f1703ef.exe
  Resource: win10v2004-20240802-en
Malware Config

Extracted
Family: redline
Botnet: LogsDiller Cloud (TG: @logsdillabot)
C2: 147.45.47.251:2149

The C2 socket and the botnet tag are the two pivot indicators from this sample: the socket is what the stealer connects back to, and the tag is the build identifier the operator assigned, so other samples carrying the same tag belong to the same campaign even if their C2 differs.
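Turning the extracted config and the file hashes above into a hunt, as an added example that is not part of the sandbox report: the C2 socket, botnet tag and digests are copied from the report; the Zeek-style connection records and the endpoint file inventory are constructed sample data, not captured telemetry. Connections to the C2 address on the configured port are reported with high confidence, connections to the same host on any other port with medium confidence, since a RedLine operator can move the panel port without changing the host.

```python
"""Hunt for the indicators extracted from the RedLine sample in this report.

Added example, not part of the report. Indicators are taken from the report;
the log lines and the file inventory below are CONSTRUCTED for this example.
"""
import ipaddress
import re

# From the report's "Malware Config" block.
REDLINE_C2 = ("147.45.47.251", 2149)
REDLINE_BOTNET = "LogsDiller Cloud (TG: @logsdillabot)"

# From the report's "General" and "Targets" blocks (submitted object and analysed exe).
SAMPLE_HASHES = {
    "md5": {"eefa1db762f1708532b9a2d7693047b9", "6d90f5899ff47cd3519ee0f53b8900f6"},
    "sha1": {"fe3d66695758f320562717921c2a0700502cc127",
             "1c28f0a93e4258f2370b14c58872ef1987109a5e"},
    "sha256": {"94efd1198279b7503006b9120880a143bf338f272e9b837b5707fbfe6da908d8",
               "7935b5b0a3c2fe6391fad0065809fbdd361af8a34fce890182a63a312f1703ef"},
}
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}

# Constructed Zeek conn.log-style records:
# ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
SAMPLE_CONN_LOG = """\
1725000001.1 C1 10.0.0.12 51123 147.45.47.251 2149 tcp
1725000002.2 C2 10.0.0.12 51124 142.250.74.46 443 tcp
1725000003.3 C3 10.0.0.40 49931 147.45.47.251 2149 tcp
1725000004.4 C4 10.0.0.40 49932 147.45.47.251 443 tcp
"""

# Constructed endpoint inventory: (host, path, digest as reported by the agent).
SAMPLE_INVENTORY = [
    ("ws-12", r"C:\Users\a\Downloads\setup.exe",
     "7935B5B0A3C2FE6391FAD0065809FBDD361AF8A34FCE890182A63A312F1703EF"),
    ("ws-40", r"C:\Users\b\AppData\Local\Temp\x.bin", "eefa1db762f1708532b9a2d7693047b9"),
    ("ws-41", r"C:\Windows\notepad.exe", "d41d8cd98f00b204e9800998ecf8427e"),
    ("ws-42", r"C:\broken.txt", "not-a-hash"),
]


def parse_conn_line(line):
    """Split one whitespace-separated conn record into typed fields."""
    ts, uid, orig_h, orig_p, resp_h, resp_p, proto = line.split()
    return {"ts": float(ts), "uid": uid, "orig_h": orig_h, "orig_p": int(orig_p),
            "resp_h": resp_h, "resp_p": int(resp_p), "proto": proto}


def hunt_c2(conn_log, c2=REDLINE_C2):
    """Return (uid, source host, dest port, confidence) for traffic to the C2 host."""
    c2_ip, c2_port = c2
    hits = []
    for line in conn_log.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        rec = parse_conn_line(line)
        if rec["resp_h"] != c2_ip:
            continue
        confidence = "high" if rec["resp_p"] == c2_port else "medium"
        hits.append((rec["uid"], rec["orig_h"], rec["resp_p"], confidence))
    return hits


def normalize_hash(value):
    """Return (algorithm, lowercase hex) or raise ValueError for a malformed digest."""
    v = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", v):
        raise ValueError(f"not hex: {value!r}")
    for algo, n in HEX_LEN.items():
        if len(v) == n:
            return algo, v
    raise ValueError(f"unexpected digest length {len(v)}")


def hunt_hashes(inventory, known=SAMPLE_HASHES):
    """Return (host, path, algorithm) for inventory rows whose digest matches a sample hash."""
    hits = []
    for host, path, digest in inventory:
        try:
            algo, v = normalize_hash(digest)
        except ValueError:
            continue  # agent reported garbage; skip rather than silently miss
        if v in known[algo]:
            hits.append((host, path, algo))
    return hits


def suricata_rule(c2=REDLINE_C2, sid=1000001):
    """Emit a Suricata rule for the C2 socket; sid is an assumed local-range value."""
    ip, port = c2
    ipaddress.ip_address(ip)  # refuse to emit a rule for a malformed address
    return (f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"RedLine Stealer C2 ({REDLINE_BOTNET})"; flow:to_server; '
            f'sid:{sid}; rev:1;)')


if __name__ == "__main__":
    for hit in hunt_c2(SAMPLE_CONN_LOG):
        print("c2", *hit)
    for hit in hunt_hashes(SAMPLE_INVENTORY):
        print("hash", *hit)
    print(suricata_rule())
```

Digests are normalised before comparison because EDR agents disagree on case, and a non-hex value is skipped explicitly rather than compared, so a broken inventory row cannot mask a real match.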
Targets

Target: 7935b5b0a3c2fe6391fad0065809fbdd361af8a34fce890182a63a312f1703ef.exe
Size: 314KB
MD5: 6d90f5899ff47cd3519ee0f53b8900f6
SHA1: 1c28f0a93e4258f2370b14c58872ef1987109a5e
SHA256: 7935b5b0a3c2fe6391fad0065809fbdd361af8a34fce890182a63a312f1703ef
SHA512: 985fd3862446ddb8c6baf0ba68b31414a3a004033ff7a5bc37cbfc7e8b7ccbaf43642c16b7c67be6e7e8fcce38edede7986b786740d20da71178a42b7d296146
SSDEEP: 6144:YvVkn7xeQf6QF0gNW12BTKjV2hRh/SLyzNVkJPvZh5oB4xbHfORnJpwmA0BAGJS:1Eq4gclkhn5V8PD84xrm8WFJS
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020; it harvests browser credentials, cryptocurrency wallets and system details and sends them to a configured C2.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copy of, a web browser credential store (the browser's saved-login database).
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
Setting another thread's context from outside that thread is the hallmark of process hollowing (RunPE) loaders, which resume a suspended process with its instruction pointer redirected to an injected payload; treat the call as a generic injection indicator rather than a RedLine-specific one.
-
MITRE ATT&CK Enterprise v15
(count = number of signatures in this report mapped to each technique)

Defense Evasion
  Modify Registry (T1112): 1
  Subvert Trust Controls (T1553): 1
    Install Root Certificate (T1553.004): 1
Credential Access
  Credentials from Password Stores (T1555): 1
    Credentials from Web Browsers (T1555.003): 1
  Unsecured Credentials (T1552): 2
    Credentials In Files (T1552.001): 2