General
Target: 28975ef9b92ab6bfa806d8f9bcae79126b16eb4f94410134ca2a6fa419814ca6
Size: 500KB
Sample: 240701-fn18tazglp
MD5: 2680c845a9f3a2eab004a037bf3e7191
SHA1: a9045b3d8b014cefb850c7907b4c7b70bc14073e
SHA256: 28975ef9b92ab6bfa806d8f9bcae79126b16eb4f94410134ca2a6fa419814ca6
SHA512: 577874d44b993101fbc610c29ea7bb721a0fb8365ef655f1af7293abacb91e7c96468b735e90a554652effbfa3efdd90044bfcb224ca479bc5b99c5978d69b2f
SSDEEP: 12288:3astXNA2Q3XiSuqcKmQIiVM73K3Kd83ZGpWjtVMdNGdgoebw:3zXG2Q3SSuqcKmQIiy7K3/QgVS
Static task: static1
Behavioral task: behavioral1
  Sample: 28975ef9b92ab6bfa806d8f9bcae79126b16eb4f94410134ca2a6fa419814ca6.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 28975ef9b92ab6bfa806d8f9bcae79126b16eb4f94410134ca2a6fa419814ca6.exe
  Resource: win10-20240404-en
Malware Config
Extracted
redline
LogsDiller Cloud (TG: @logsdillabot)
77.105.135.107:3445
Targets
Target: 28975ef9b92ab6bfa806d8f9bcae79126b16eb4f94410134ca2a6fa419814ca6
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext