General
Target: setup.exe
Size: 502KB
Sample: 240701-16r33sxaql
MD5: b0cfe4185035fc751ed0a62b1a95af98
SHA1: dc90ec29c5da5414702e9163ae0133d207608960
SHA256: ef5d295050a33cb9c2bd069a90855c74df58d0f7f6238885b48a6422eb6da137
SHA512: 22d2dda36d5a7a1d29560db389b4811481c6ee39158903e5debc2a95a641929317a3d487cf138bc7e06c55dd05fdd92687159e81ed5fa5d9d18b5660e5c39c24
SSDEEP: 12288:R9Z5uG0VGH6CNq93+xYg1dSjBYSuBbT+g6:vlOGaCT7ZBBbq
Static task: static1
Behavioral task: behavioral1
  Sample: setup.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: setup.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: redline
LogsDiller Cloud (TG: @logsdillabot)
77.105.135.107:3445
Targets
Target: setup.exe
Size: 502KB
MD5: b0cfe4185035fc751ed0a62b1a95af98
SHA1: dc90ec29c5da5414702e9163ae0133d207608960
SHA256: ef5d295050a33cb9c2bd069a90855c74df58d0f7f6238885b48a6422eb6da137
SHA512: 22d2dda36d5a7a1d29560db389b4811481c6ee39158903e5debc2a95a641929317a3d487cf138bc7e06c55dd05fdd92687159e81ed5fa5d9d18b5660e5c39c24
SSDEEP: 12288:R9Z5uG0VGH6CNq93+xYg1dSjBYSuBbT+g6:vlOGaCT7ZBBbq
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext