General
-
Target
file.exe
-
Size
313KB
-
Sample
240912-t1dj6stema
-
MD5
11506bb939332f58920d0a3c8ad1c5c2
-
SHA1
84a51f6e540a74df7cba44454d162fdaefebc0e5
-
SHA256
4ed6d72fef68c583439e803871226e76588ce6436d10362011b21763e0ccf176
-
SHA512
ae52f9c23d8602f5d0124690ba271725b6c05abe96fc653c6fd9e701931c4b06c7ba085b3731866367d28f3013c01ba902f200a4ab7451ae162cfa6a7356450a
-
SSDEEP
6144:bcpDFLyc58oYip9to/FgQmfy0uOlxyRyr2Y7ND6:bADY08oYip9tot2rlwRyy+
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
185.203.241.68:40901
Targets
-
-
Target
file.exe
-
Size
313KB
-
MD5
11506bb939332f58920d0a3c8ad1c5c2
-
SHA1
84a51f6e540a74df7cba44454d162fdaefebc0e5
-
SHA256
4ed6d72fef68c583439e803871226e76588ce6436d10362011b21763e0ccf176
-
SHA512
ae52f9c23d8602f5d0124690ba271725b6c05abe96fc653c6fd9e701931c4b06c7ba085b3731866367d28f3013c01ba902f200a4ab7451ae162cfa6a7356450a
-
SSDEEP
6144:bcpDFLyc58oYip9to/FgQmfy0uOlxyRyr2Y7ND6:bADY08oYip9tot2rlwRyy+
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2