General
-
Target
37f45abe9970c5962b441635ab1df0395de570aa7ade2617fb18bed6a0f0c138.exe
-
Size
379KB
-
Sample
240901-bk7h7swgja
-
MD5
ae9de1093d87672c550524299e8df649
-
SHA1
a779d38b49497f72153da3c22bb90397ae042c0b
-
SHA256
37f45abe9970c5962b441635ab1df0395de570aa7ade2617fb18bed6a0f0c138
-
SHA512
cac3cb5aea6660357e6de892db9aa3f3f4725561897a38f8876a8e181990a58108e6d15fc0c2fcb56ea4517e05e03d1a877a15fb6884f4d28739e1d25f1e05f3
-
SSDEEP
6144:xOCC7QURYl/aMw3cSqJ6bKf8LiXgG9TknY/jTfAxHbIQJQgy770/B5p6uXRaD:xRCMwqJ6boyG9Tk6kI4jm03prR
Static task
static1
Behavioral task
behavioral1
Sample
37f45abe9970c5962b441635ab1df0395de570aa7ade2617fb18bed6a0f0c138.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
37f45abe9970c5962b441635ab1df0395de570aa7ade2617fb18bed6a0f0c138.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
147.45.47.36:30035
Targets
-
-
Target
37f45abe9970c5962b441635ab1df0395de570aa7ade2617fb18bed6a0f0c138.exe
-
Size
379KB
-
MD5
ae9de1093d87672c550524299e8df649
-
SHA1
a779d38b49497f72153da3c22bb90397ae042c0b
-
SHA256
37f45abe9970c5962b441635ab1df0395de570aa7ade2617fb18bed6a0f0c138
-
SHA512
cac3cb5aea6660357e6de892db9aa3f3f4725561897a38f8876a8e181990a58108e6d15fc0c2fcb56ea4517e05e03d1a877a15fb6884f4d28739e1d25f1e05f3
-
SSDEEP
6144:xOCC7QURYl/aMw3cSqJ6bKf8LiXgG9TknY/jTfAxHbIQJQgy770/B5p6uXRaD:xRCMwqJ6boyG9Tk6kI4jm03prR
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2