General
- Target: f3d5417adab3fcf3d8f70ed37e7acef0b677ab7907122c7900133ebfa00d8458.exe
- Size: 312KB
- Sample: 240912-pph83avell
- MD5: ab06af28eabd848a572023a76ce875ac
- SHA1: 80a6338acd08b1c52b008179ed1c43fa6892fac5
- SHA256: f3d5417adab3fcf3d8f70ed37e7acef0b677ab7907122c7900133ebfa00d8458
- SHA512: 1a9ed3fd31a495b4b43f778e0d63bd338c53aea45efe4d51509bdbb067faa74c0d8cc6e1a9908bb020302b8642852e46c0eeccc9b040e6ca2e1499640dca54cb
- SSDEEP: 6144:yMBav/6NbgdGyUe+nHarbN/sTeZdTCHqbu8uHTQNZxNSlggZ1zz8fkg:xsvWbgdhJ0GZsITg+uRHTQjmlggZ2
Static task: static1
Behavioral task: behavioral1 (Sample: f3d5417adab3fcf3d8f70ed37e7acef0b677ab7907122c7900133ebfa00d8458.exe; Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: f3d5417adab3fcf3d8f70ed37e7acef0b677ab7907122c7900133ebfa00d8458.exe; Resource: win10v2004-20240802-en)
Malware Config (extracted)
- Family: redline
- LogsDiller Cloud (TG: @logsdillabot)
- 185.203.241.68:40901
Targets
- Target: f3d5417adab3fcf3d8f70ed37e7acef0b677ab7907122c7900133ebfa00d8458.exe (312KB; same hashes as listed under General)
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access to or copy of a web browser credential store.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (2)
- Credentials In Files (2)