General

  • Target

    file.exe

  • Size

    345KB

  • Sample

    221105-snfnbsgdd6

  • MD5

    b04c85dd60ddc49ca97ca8f2ba7a18de

  • SHA1

    e6729fce836ee907f06854d68e9bcb8f52cb1a1a

  • SHA256

    8df8cb68ef5876ba3710069be2b555086123784fa71a06faa991f8d79c8c5b41

  • SHA512

    44f2f74801daa8140a4b00a3587c02f19a27e93cd93a180d42f47d05212edca8927a58f604e37ef8fd89f849e66fc6e13aac47a384d9b1cede4edf6721d74fac

  • SSDEEP

    6144:hfpULmzG/7sannAHqfhqeLhVAOsFgymw+1Z1lLRtmmFp5ji8o:hCLmzG/40hVuFaj1lLRtpFp5Ho

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

51.89.201.21:7161

Attributes

  • auth_value

    3a050df92d0cf082b2cdaf87863616be

Targets

    • Target

      file.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks