General
-
Target
65bb6281d63ad091f8b6b4d0c460d9d6c1631fe141fe15b23dc6d23a41e094ad
-
Size
324KB
-
Sample
240905-2lgbhssdll
-
MD5
e600b6015b0312b52214f459fcc6f3c2
-
SHA1
0e763e33524e467b46d27e5f0603cd2165c47fed
-
SHA256
65bb6281d63ad091f8b6b4d0c460d9d6c1631fe141fe15b23dc6d23a41e094ad
-
SHA512
b1c1a68128c2cd75df9cb1d890358fd6bb85d9a62288468a19db3295cc25e6cb97c05fa0b5bc3b1dd2b88bd39b343ce5cd1494ca8ab56352c1e375e88fe7e464
-
SSDEEP
6144:sPP5QJyXEJZq77hQ8ed1oBj32nQumiUdfg+CYnDNMhXYGenCnaW1qMJyky:cGJyX2EdQ8ed1K+Yfg+DDGYn4aW1TJyD
Static task
static1
Behavioral task
behavioral1
Sample
65bb6281d63ad091f8b6b4d0c460d9d6c1631fe141fe15b23dc6d23a41e094ad.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
65bb6281d63ad091f8b6b4d0c460d9d6c1631fe141fe15b23dc6d23a41e094ad.exe
Resource
win10-20240404-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
147.45.47.36:30035
Targets
-
-
Target
65bb6281d63ad091f8b6b4d0c460d9d6c1631fe141fe15b23dc6d23a41e094ad
-
Size
324KB
-
MD5
e600b6015b0312b52214f459fcc6f3c2
-
SHA1
0e763e33524e467b46d27e5f0603cd2165c47fed
-
SHA256
65bb6281d63ad091f8b6b4d0c460d9d6c1631fe141fe15b23dc6d23a41e094ad
-
SHA512
b1c1a68128c2cd75df9cb1d890358fd6bb85d9a62288468a19db3295cc25e6cb97c05fa0b5bc3b1dd2b88bd39b343ce5cd1494ca8ab56352c1e375e88fe7e464
-
SSDEEP
6144:sPP5QJyXEJZq77hQ8ed1oBj32nQumiUdfg+CYnDNMhXYGenCnaW1qMJyky:cGJyX2EdQ8ed1K+Yfg+DDGYn4aW1TJyD
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2