General
- Target: file.exe
- Size: 935KB
- Sample: 240702-mes96s1hpl
- MD5: 75a2d212a591a83a4d0c88a92b390b88
- SHA1: 8f69b79a0d6bc6b4def35b38ec46d15e6eb1c1d9
- SHA256: cf47a943ec0eb86c16a8d7e6e0ad8c4bfb6063af089e1b3809ed44ac45347e71
- SHA512: e7242ef4042f96743a6f999bee1a5ee93a88a6aa83385a28d2b868bd2c2f6734c0bc9192059e5a7862cff747a4dee8a16e9ac10cb659cbd2f05a4a040dd05a47
- SSDEEP: 24576:j+qodQCtw8QEZWBiMUp736I5Zqi7P2XZtXtW/Di:iw8QEZWBTXSZqiz2XvXQm
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: file.exe; Resource: win7-20231129-en)
- Behavioral task: behavioral2 (Sample: file.exe; Resource: win10v2004-20240611-en)
Malware Config
- Extracted family: redline
- Botnet: LogsDiller Cloud (TG: @logsdillabot)
- C2: 77.105.135.107:3445
Targets
- Target: file.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext