General
-
Target
516b1a67a3aafceadff083854b26512174cbed4d455c5d8f8993acc8a895ea2e
-
Size
313KB
-
Sample
240905-2j4zsssgkc
-
MD5
6b19e5c100db0812ffb7813a1503c05d
-
SHA1
17032c0b1b056bec3f23786bad5aa17404de3297
-
SHA256
516b1a67a3aafceadff083854b26512174cbed4d455c5d8f8993acc8a895ea2e
-
SHA512
fb97bd74aae13cb4d0205cf704300dfc4f0678dcbd07aacc295bc13b666a4bff46f12786c2d37702a7a783e786a6a92df31df37a39ebcaee74d46c58e0c4e27c
-
SSDEEP
6144:tSS+SfXno/QxiNbuW22FoiU4eAy9i3nzbtvNDNsw:99PqBuW2dHwHxNDNsw
Static task
static1
Behavioral task
behavioral1
Sample
516b1a67a3aafceadff083854b26512174cbed4d455c5d8f8993acc8a895ea2e.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
516b1a67a3aafceadff083854b26512174cbed4d455c5d8f8993acc8a895ea2e.exe
Resource
win10-20240404-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
147.45.47.36:30035
Targets
-
-
Target
516b1a67a3aafceadff083854b26512174cbed4d455c5d8f8993acc8a895ea2e
-
Size
313KB
-
MD5
6b19e5c100db0812ffb7813a1503c05d
-
SHA1
17032c0b1b056bec3f23786bad5aa17404de3297
-
SHA256
516b1a67a3aafceadff083854b26512174cbed4d455c5d8f8993acc8a895ea2e
-
SHA512
fb97bd74aae13cb4d0205cf704300dfc4f0678dcbd07aacc295bc13b666a4bff46f12786c2d37702a7a783e786a6a92df31df37a39ebcaee74d46c58e0c4e27c
-
SSDEEP
6144:tSS+SfXno/QxiNbuW22FoiU4eAy9i3nzbtvNDNsw:99PqBuW2dHwHxNDNsw
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2