General
-
Target
d30d079e3e347e11a8d8ebd5ec025367968147b52d47d15c61a7bc48e0fbeee2
-
Size
375KB
-
Sample
240905-2sljtatbpd
-
MD5
1b4e6b62027f8ee24d3401c9ec96f672
-
SHA1
6bb4152446cd1ed5752f81f7ba4053b8e12d0852
-
SHA256
d30d079e3e347e11a8d8ebd5ec025367968147b52d47d15c61a7bc48e0fbeee2
-
SHA512
bf8a779100c87206018926bc077ffd23bdce02fe5f47518e528e747b0ed83f60972d98abdf618ac514f8ac87250488fe0cab7756bc11ba18686e0d45c1c0dffc
-
SSDEEP
6144:i1EphgcDeE9hz4LL9VYv7rIQRVHjj3IP4Za1xsL8IbjKWijFj5OPhRXvo4:CE0a9veL9VuHNjj3IQc28IbjKWk/OPhJ
Static task
static1
Behavioral task
behavioral1
Sample
d30d079e3e347e11a8d8ebd5ec025367968147b52d47d15c61a7bc48e0fbeee2.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d30d079e3e347e11a8d8ebd5ec025367968147b52d47d15c61a7bc48e0fbeee2.exe
Resource
win10-20240404-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
147.45.47.36:30035
Targets
-
-
Target
d30d079e3e347e11a8d8ebd5ec025367968147b52d47d15c61a7bc48e0fbeee2
-
Size
375KB
-
MD5
1b4e6b62027f8ee24d3401c9ec96f672
-
SHA1
6bb4152446cd1ed5752f81f7ba4053b8e12d0852
-
SHA256
d30d079e3e347e11a8d8ebd5ec025367968147b52d47d15c61a7bc48e0fbeee2
-
SHA512
bf8a779100c87206018926bc077ffd23bdce02fe5f47518e528e747b0ed83f60972d98abdf618ac514f8ac87250488fe0cab7756bc11ba18686e0d45c1c0dffc
-
SSDEEP
6144:i1EphgcDeE9hz4LL9VYv7rIQRVHjj3IP4Za1xsL8IbjKWijFj5OPhRXvo4:CE0a9veL9VuHNjj3IQc28IbjKWk/OPhJ
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2