General
-
Target
2ec15fc6c4dfa14162599fd7d46a8c513280ab7dc3a2bb5d7d279f7a10a96697.exe
-
Size
1.6MB
-
Sample
240911-b2tnnsxcmg
-
MD5
84696a854747864cc51653cb5d843a2a
-
SHA1
ddf0349094531296a340d66d7d7f0bf76df311f5
-
SHA256
2ec15fc6c4dfa14162599fd7d46a8c513280ab7dc3a2bb5d7d279f7a10a96697
-
SHA512
d7ec6ad635e44d1824a965ccab4722aa9c32e462843f89cfb1bd794d915fefd4c567bf1a8bba890eafbf891658f2f0d9dd351991bafbe642a35442afebc0ddca
-
SSDEEP
49152:V5OneYHloH3HlcGbDss/fvpvJuUHOi0i7hQ5:V5eeYHa1c6DssxU6OXi7e
Static task
static1
Behavioral task
behavioral1
Sample
2ec15fc6c4dfa14162599fd7d46a8c513280ab7dc3a2bb5d7d279f7a10a96697.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2ec15fc6c4dfa14162599fd7d46a8c513280ab7dc3a2bb5d7d279f7a10a96697.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
45.91.202.63:25415
Targets
-
-
Target
2ec15fc6c4dfa14162599fd7d46a8c513280ab7dc3a2bb5d7d279f7a10a96697.exe
-
Size
1.6MB
-
MD5
84696a854747864cc51653cb5d843a2a
-
SHA1
ddf0349094531296a340d66d7d7f0bf76df311f5
-
SHA256
2ec15fc6c4dfa14162599fd7d46a8c513280ab7dc3a2bb5d7d279f7a10a96697
-
SHA512
d7ec6ad635e44d1824a965ccab4722aa9c32e462843f89cfb1bd794d915fefd4c567bf1a8bba890eafbf891658f2f0d9dd351991bafbe642a35442afebc0ddca
-
SSDEEP
49152:V5OneYHloH3HlcGbDss/fvpvJuUHOi0i7hQ5:V5eeYHa1c6DssxU6OXi7e
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2